On Dec 18, 2007 10:41 PM, Martin Langhoff <martin.langhoff@xxxxxxxxx> wrote: > - git/config is very likely to be readable if the site is served via > other means, like dumb http protocol, or git+ssh. So even if the > password scrambling is mickey-mouse. it might make sense to force the > password data to live elsewhere. On this aspect, I see no reason why we wouldn't have the passwords crypt()ed or SHA1'd. Perl includes crypt() in the default distribution, so it wouldn't add any dependency. The protocol may be ROT13'ing the passwords, but we don't have to double-ROT13 them in our storage format ;-) cheers, martin - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
