Barry Warsaw wrote:
That (sort of) *is* plain text passwords. Somebody who took over svn.python.org can get the password. In public-key or digest authentication, this won't be possible.
Actually, the passwords are still hashed in the file, so they wouldn't be able to extract the plain text password.
Nah. Somebody who takes over svn.python.org can replace Apache, and that will receive plain text passwords over the wire (in case you wonder: modules/aaa/mod_auth.c:authenticate_real_user - you can even write an Apache module that gets hold of the sent password).
An intruder would have to wait some time before the passwords come in, instead of being able to read them all from a file at once - that's true.
Public/private keys would be better, and if anybody knows how to set up a Subversion server to use these without having to create accounts for everyone, I think we (the python.org admins) would love your help.
Ok. Since this falls in my research interest, I definitely want to give it a try. I think I would set up PyCA to let users generate their private keys in the browser.
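To make the point of the exchange concrete, here is an added illustration (not code from the thread or from the python.org setup) of why a hashed password file does not help once the server itself is compromised. With HTTP Basic authentication the client sends the clear password on every request, so whoever controls Apache (or loads a module into it) can read it before it is ever compared against the hash; with Digest authentication (shown in its simple RFC 2069 form, without qop) the wire carries only an MD5 response and the server stores only HA1 = MD5(user:realm:password). The credentials, realm and nonce below are constructed sample values.

```python
import base64
import hashlib

# Constructed sample values; not the real svn.python.org realm or any real account.
USER = "alice"
PASSWORD = "correct horse"
REALM = "svn"
NONCE = "0123456789abcdef"


def apache_sha_entry(user: str, password: str) -> str:
    """Build an htpasswd-style entry in Apache's {SHA} format: base64(sha1(password))."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"


def basic_header(user: str, password: str) -> str:
    """What a Basic-auth client puts in the Authorization header: base64, not a hash."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def server_side_view_basic(header: str) -> tuple[str, str]:
    """Anything handling the request on the server (Apache, a module, a replaced
    binary) recovers the clear password from a Basic header before it checks the
    htpasswd file. This is the exposure the thread describes."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def verify_basic(entry: str, header: str) -> bool:
    """Check the clear password from the wire against the stored {SHA} entry."""
    user, password = server_side_view_basic(header)
    return apache_sha_entry(user, password) == entry


def digest_ha1(user: str, realm: str, password: str) -> str:
    """The only secret an htdigest-style server file holds for this user/realm."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def digest_response(user: str, realm: str, password: str, nonce: str,
                    method: str, uri: str) -> str:
    """Client side of Digest auth (RFC 2069 form): MD5(HA1:nonce:HA2)."""
    ha1 = digest_ha1(user, realm, password)
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


def verify_digest(stored_ha1: str, response: str, nonce: str,
                  method: str, uri: str) -> bool:
    """Server side: recompute from the stored HA1; the password itself never arrives."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    expected = hashlib.md5(f"{stored_ha1}:{nonce}:{ha2}".encode()).hexdigest()
    return expected == response


if __name__ == "__main__":
    entry = apache_sha_entry(USER, PASSWORD)
    hdr = basic_header(USER, PASSWORD)
    print("htpasswd entry:", entry)
    print("Basic auth: server sees", server_side_view_basic(hdr))
    print("Basic verified:", verify_basic(entry, hdr))

    resp = digest_response(USER, REALM, PASSWORD, NONCE, "GET", "/svn/")
    print("Digest auth: server sees only response", resp)
    print("Digest verified:", verify_digest(digest_ha1(USER, REALM, PASSWORD),
                                             resp, NONCE, "GET", "/svn/"))
```

The caveat a practitioner would add: Digest removes the clear password from the wire, but the server's HA1 is still a reusable credential for that realm, so a compromised server still yields something replayable; only the public-key option raised in the thread avoids storing or receiving any reusable secret on the server. Basic auth over TLS protects the password from the network, not from the server.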