Barry Warsaw wrote:
> We won't use plain text, but we may (or, we currently do) use basic auth over ssl. The security then is in the passwords, so we have to make sure they're generated securely.
That (sort of) *is* plain text passwords. Somebody who took over svn.python.org can get the password. In public-key or digest authentication, this won't be possible.
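
The difference discussed in this exchange, as an added example that is not part of the original message: what a server process holds after a Basic request versus after a Digest request (RFC 2617 form without qop). The user name, realm, password, URI and nonce are constructed sample values.

```python
import base64
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Client side: Basic auth is only base64 of user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def server_view_basic(header: str) -> tuple:
    """Server side: after TLS is terminated, the cleartext password is recovered."""
    _scheme, token = header.split(" ", 1)
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def digest_response(user, realm, password, method, uri, nonce) -> str:
    """Client side: only a hash bound to the server's nonce is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify_digest(stored_ha1, method, uri, nonce, response) -> bool:
    """Server side: verification uses the stored HA1, never the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{ha2}")
    return hmac.compare_digest(expected, response)


# Constructed sample values (assumptions, not taken from the thread).
USER, REALM, PASSWORD = "committer", "example-realm", "correct horse"
METHOD, URI, NONCE = "GET", "/projects/", "dcd98b7102dd2f0e"
STORED_HA1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")  # what the server keeps

if __name__ == "__main__":
    print("Basic, seen by server :", server_view_basic(basic_header(USER, PASSWORD)))
    resp = digest_response(USER, REALM, PASSWORD, METHOD, URI, NONCE)
    print("Digest, seen by server:", resp)
    print("Digest verifies       :",
          server_verify_digest(STORED_HA1, METHOD, URI, NONCE, resp))
```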