Return-Path: 
 <dev-return-17040-apmail-subversion-dev-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org
Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 41F53967E
	for <apmail-subversion-dev-archive@minotaur.apache.org>;
 Thu,  5 Jan 2012 20:03:30 +0000 (UTC)
Received: (qmail 66679 invoked by uid 500); 5 Jan 2012 20:03:29 -0000
Delivered-To: apmail-subversion-dev-archive@subversion.apache.org
Received: (qmail 66624 invoked by uid 500); 5 Jan 2012 20:03:29 -0000
Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@subversion.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@subversion.apache.org>
List-Post: <mailto:dev@subversion.apache.org>
List-Id: <dev.subversion.apache.org>
Delivered-To: mailing list dev@subversion.apache.org
Received: (qmail 66610 invoked by uid 99); 5 Jan 2012 20:03:28 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 20:03:28 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of markphip@gmail.com designates
 74.125.82.47 as permitted sender)
Received: from [74.125.82.47] (HELO mail-ww0-f47.google.com) (74.125.82.47)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 20:03:22 +0000
Received: by wgbdr10 with SMTP id dr10so685643wgb.16
        for <dev@subversion.apache.org>; Thu, 05 Jan 2012 12:03:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=sK288/+aqXCPEUz0ww5ZLMbvHi6qeFKcXB9JTg7n2YQ=;
        b=o+5AUk8oty5bLRmanuAklijHKQP1UsP+uufvrGuhAewgbYM1JO3I0QaVMaYSOBC9Qz
         8DYJ04JPgacero2mC62fqOBajvlLOoBC/+fHWI7PoJX2q9LUd/kMqpnSbgsVCmmKAFLi
         AuPqMWwq2bQoz8Kb/ry8utIXlkOPM2Ls9x92k=
MIME-Version: 1.0
Received: by 10.180.88.229 with SMTP id bj5mr2529025wib.5.1325793782246; Thu,
 05 Jan 2012 12:03:02 -0800 (PST)
Received: by 10.227.196.74 with HTTP; Thu, 5 Jan 2012 12:03:02 -0800 (PST)
In-Reply-To: 
 <CABw-3YdRDg-Lqmcbh7sF6RvfrzA2ENYn4HOdpwFgE+WrKyG5Gw@mail.gmail.com>
References: 
 <CAO16vNTmwTna0Lkx8m=OzNfW=3KAaCmL2HMmbn4V4+nSa9mi=g@mail.gmail.com>
	<CABw-3YdRDg-Lqmcbh7sF6RvfrzA2ENYn4HOdpwFgE+WrKyG5Gw@mail.gmail.com>
Date: Thu, 5 Jan 2012 15:03:02 -0500
Message-ID: 
 <CAHFaGCrT9i9DNV2Ba8hcdTaPQSuk-9EkQhd-Z_HdFuTg2LudVQ@mail.gmail.com>
Subject: Re: [RFC] Server Dictated Configuration
From: Mark Phippard <markphip@gmail.com>
To: Ivan Zhakov <ivan@visualsvn.com>
Cc: Paul Burba <ptburba@gmail.com>,
 Subversion Development <dev@subversion.apache.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

On Thu, Jan 5, 2012 at 2:42 PM, Ivan Zhakov <ivan@visualsvn.com> wrote:
> On Wed, Jan 4, 2012 at 02:58, Paul Burba <ptburba@gmail.com> wrote:
>> Mike Pilato and I have been kicking around some ideas on server
>> dictated configuration recently and have put our thoughts into a wiki
>> (full disclosure: this wiki was initially based on Hyrum's thoughts on
>> the subject in https://svn.apache.org/repos/asf/subversion/trunk/notes/repos-dictated-config)
>> :
>>
>> http://wiki.apache.org/subversion/ServerDictatedConfiguration
>>
>> We're at a point where it's time to solicit some wider feedback, so
>> please have a look at the wiki and follow-up here with any concerns,
>> thoughts, suggestions, etc..
>>
> I think most of use-cases can be solved by existing mechanism without
> inventing something new:
> 1. auto-props
> TortoiseSVN already has 'tsvn:auto-props' property [1]. Which used to
> automatically set properties for added files. It would be nice if
> Subversion core support this property.
>
> 2. ignores
> We can add svn:global-ignores property to define global (recursive) ignore mask.

The approach TortoiseSVN and some other clients take does work pretty
nicely but I also think they reveal the short comings in using
properties.  For convenience, TortoiseSVN does not force you to set
these properties on every folder and instead will walk to the root of
your WC to find them, but then this also exposes the problem that if
you did not checkout the folder that has those properties you are back
to square one.  That is why I believe it makes sense for SVN to
support it natively using an approach something like described in the
wiki.  Or at least weigh that approach versus using properties within
the repository.  Perhaps properties are the way to add the deferred
feature of supporting overrides based on path?

> 3. store-plaintext-passwords
> Since most used of platforms already supports password encryption
> (Windows, MacOS, KDE, GNOME) I think we can safely just change to do
> not store plaintext by default.

You must not spend time working with Unix users.  The options we
provided are good, but do not seem to be enough and there is no way to
enforce policies where they have to be used.  It also does nothing to
help things like automated build processes and scripts that need to
run on Unix and cannot interact with a keyring.

I do not pretend to have an answer though.  Making plain text off by
default might be a start.  I think some people might object to adding
"security theater" by using something like AES encryption to obfuscate
plain text passwords but I think some of our users would appreciate
that option over plain text.  It seems like we could possibly add an
option for the user to provide some salt when configuring and building
the binaries as well.  I am guessing this could be read from the
strings in the compiled library but it would still provide a small
measure of additional obfuscation that someone would need to know.

-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/