0.92 is nigh
Vincent Ladeuil
v.ladeuil+lp at free.fr
Thu Oct 25 09:47:37 BST 2007
<snip/>
martin> http://bundlebuggy.aaronbentley.com/request/%3Cm28x5tyj89.fsf@free.fr%3E
martin> (vila) Authentication ring implementation (read-only)
martin> This would be really nice but sadly I probably cannot read it in
martin> time. We should
martin> at least land it right afterwards.
Some brief comments.
You raised the concern about risks introduced by this patch. I
went the safe route when writing it, ensuring that using an empty
authentication.conf file will not change the default bzr
behavior. I think I added the right tests for that. But of course
I wait for the reviewers comments on that.
Now the only places, where this patch has an impact, I can think
of are:
- using a bare http+urllib://host will now use a default user
(getpass.getuser()) where None was supplied before but *only* if
we receive a 401 (auth required) from the server.
- using a bare ftp://host will now use a default user where None
was supplied before *unconditionally*. So in that case we lose
the fallback to anonymous for ftp read-only access
(i.e. 'anonymous' must be specified explicitly). I just
noticed that, we may want to revert that behavior...
- lp_registration was using getpass.getpass, it now uses
ui.get_password (through AuthenticationConfig), but lacks
tests. I was a bit shy here not really knowing how to test it
properly.
- both smtp_connection and lp_registration requires that the user
is defined to authenticate, so no default user policy there
(default as in provides a user if None is defined).
The first two points mean that the next version of the
specification should clearly cover the default user policy (but I
had that in mind anyway).
That being said, from the bzr project point of view, this is
*far* less important than pack format landing.
More information about the bazaar
mailing list