0.92 is nigh

Vincent Ladeuil v.ladeuil+lp at free.fr
Thu Oct 25 09:47:37 BST 2007


<snip/>

    martin> http://bundlebuggy.aaronbentley.com/request/%3Cm28x5tyj89.fsf@free.fr%3E
    martin>    (vila) Authentication ring implementation (read-only)
    martin>    This would be really nice but sadly I probably cannot read it in
    martin>    time.  We should at least land it right afterwards.

Some brief comments.

You raised the concern about risks introduced by this patch. I
went the safe route when writing it, ensuring that using an empty
authentication.conf file will not change the default bzr
behavior. I think I added the right tests for that. But of course
I wait for the reviewers' comments on that.

Now the only places where this patch has an impact that I can
think of are:

- using a bare http+urllib://host will now use a default user
  (getpass.getuser()) where None was supplied before but *only* if
  we receive a 401 (auth required) from the server.

- using a bare ftp://host will now use a default user where None
  was supplied before *unconditionally*. So in that case we lose
  the fallback to anonymous for ftp read-only access
  (i.e. 'anonymous' must be specified explicitly). I just
  noticed that; we may want to revert that behavior...

- lp_registration was using getpass.getpass, it now uses
  ui.get_password (through AuthenticationConfig), but lacks
  tests. I was a bit shy here not really knowing how to test it
  properly.

- both smtp_connection and lp_registration require that the user
  is defined to authenticate, so no default user policy there
  (default as in provides a user if None is defined).

The first two points mean that the next version of the
specification should clearly cover the default user policy (but I
had that in mind anyway).

That being said, from the bzr project point of view, this is
*far* less important than pack format landing.


