[BUG] Password handling when real ssh is available

Robert Collins robertc at robertcollins.net
Thu Dec 1 11:26:11 GMT 2005


On Wed, 2005-11-30 at 10:43 -0600, John A Meinel wrote:
> I just committed a bunch of changes to the sftp code, which I'm going to
> merge into my integration branch.
> 
> I refactored the getpass() functionality into the UIFactory code, and in
> the process I realized that we have a small problem when using the
> native ssh.
> 
> We have no way of grabbing the password prompt, and overriding it. I'm
> sure other programs have ways of handling this, since I've seen a GTK
> box popup asking me for my ssh password. I saw the SSH_ASKPASS
> environment variable, but I'm not sure how we could override this for
> bzr's purposes. (A custom program which runs, and knows how to talk back
> to bzr? Perhaps one of the arguments in SSH_ASKPASS would be a named
> pipe to write the results to.)

We should not fiddle in this area.

About 500 DD's would immediately stop even considering using bzr - and
I'm serious.

Let ssh worry about password handling, it's part of the TCB, and we,
being in Python and a UI program, are definitely -not-.

As for giving ssh a user supplied password: I agree that we cannot do
that in this case, but it's better to not tread where we should not go,
IMO. Passwords in URLs are strongly deprecated anyway, due to the many
security issues they have.

Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.