Christian Theune wrote:
See: http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvem...
However, this only *allows* clients to manage their password reasonably, it doesn't force them to.
Well, you can't force someone to keep their private key private either... At the end of the day, if an svn account is compromised, we'll see a load of bogus commits. My understanding of svn is that those are moderately easy to remove.
From my understanding, the interesting part is what the DVCSs do: let people sign their commits with e.g. their PGP key (strong auth) and allow them to share that data somewhere (different mechanism maybe not so strong auth).
Well, the only "auth" bit seems to be where the "offical" changesets are.. Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk