[Python-Dev] PEP: Migrating the Python CVS to Subversion
"Martin v. Löwis"
martin at v.loewis.de
Fri Jul 29 07:00:06 CEST 2005
Barry Warsaw wrote:
> We won't use plain text, but we may (or, we currently do) use basic auth
> over ssl. The security then is in the passwords, so we have to make
> sure they're generated securely.
That (sort of) *is* plain text passwords. Somebody who took over
svn.python.org can get the password. In public-key or digest
authentication, this won't be possible.
Regards,
Martin
More information about the Python-Dev
mailing list