how to prevent bzr+ssh from asking a password each time I commit a change?
Andrew Cowie
andrew at operationaldynamics.com
Tue Sep 9 22:28:57 BST 2008
On Tue, 2008-09-09 at 16:59 +0200, Vincent Ladeuil wrote:
> But I don't think trying to do it for ssh is a good
> idea. Password handling is highly sensitive,
Indeed. This is a major security weakness on Subversion's part - it is
another set of code paths that needs to be audited to the same level as
(say) OpenSSH. And that's an enormous risk factor.
[I mean, heck, there is a significant camp of people who argue that you
shouldn't even use an agent to cache your credentials. That's a matter
of pragmatism, and also points out that security is about more than just
code, but I sure as hell trust `ssh-agent` more than I do Subversion.]
No, this is something best delegated to the appropriate packages
provided by the OS. I'm glad that Bazaar is (like in so many other
things) better and correct. One gets tired of hearing "oh, well,
Subversion does it, so you have to too". No you don't have to be like
Subversion. You have to be like Bazaar - a cracking good DVCS.
AfC
Sydney
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20080910/6d38d930/attachment-0001.pgp
More information about the bazaar
mailing list