[ANN] Encrypted Credential Store for Windows
John Arbash Meinel
john at arbash-meinel.com
Mon Jan 31 15:50:37 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 1/31/2011 1:41 AM, Martin Pool wrote:
> On 30 January 2011 01:00, vila <v.ladeuil+lp at free.fr> wrote:
>> > <scheme> should be something like 'http' or 'ftp'. It won't work for ssh
>> > or sftp since Bazaar requires the use of an ssh-agent for those schemes.
>>
>> We recommend using ssh agents because they are more suited for ssh
>> connections because they are audited for security whereas
>> authentication.conf and bzr hasn't been yet (and keeping small code
>> bases for audit purposes is the Right Thing to do). Your plugin does
>> exactly that.
>
> If bzr can't get paramiko ssh passwords from a plugable credential
> store, that's a bug. Assuming you are using passwords and using
> paramiko inprocess in bzr, nothing is gained by not having the
> password stored in cryptoapi.
>
> Martin
>
>
Right. Though I don't think this supports things like ssh keys, which is
usually the recommended way to handle auth with ssh.
So I agree it is a bug, possibly one we haven't pushed for fixing,
because ssh keys are generally preferred.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1G2kwACgkQJdeBCYSNAAOq4QCdFjnv8ELyyCtlNyFkGuKEim+4
Fw0AoNh+6e0UPs264MoOAj+32aslmx8c
=AhcP
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list