'Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-dev
Subject:    Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py
From:       Daniel Shahaf <d.s () daniel ! shahaf ! name>
Date:       2022-07-15 11:20:51
Message-ID: 20220715112051.GG2933 () tarpaulin ! shahaf ! local2
[Download RAW message or body]

Nathan Hartman wrote on Thu, Jul 14, 2022 at 10:45:07 -0400:
> On Thu, Jul 14, 2022 at 10:02 AM Daniel Sahlberg
> <daniel.l.sahlberg@gmail.com> wrote:
> > 
> > Den tors 14 juli 2022 kl 15:52 skrev Daniel Shahaf <d.s@daniel.shahaf.name>:
> > > 
> > > Nathan Hartman wrote on Wed, 13 Jul 2022 15:29 +00:00:
> > > > On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf <d.s@daniel.shahaf.name> \
> > > > wrote:
> > > > > Should the entry link to the zsh script
> > > > > (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
> > > > >  as well, as an alternative?  It might be useful for someone if their
> > > > > environment doesn't have Python installed or if they find the zsh script
> > > > > easier to audit.
> > > > 
> > > > I think it would be useful, and...
> > > > 
> > > > > (Well, I suppose it might make more sense to copy the script
> > > > > somewhere than to link to an immutable archives message with that
> > > > > subject line.)
> > > > 
> > > > ...the place to put it is probably tools/client-side/ just like the
> > > > Python script.
> > > 
> > > Being in tools/ would imply dev@ accepts responsibility for bug reports
> > > against the zsh script.  Is dev@ happy to do that?  I'm concerned about
> > > the bus factor.
> > 
> > 
> > I was just about to say the same thing (and with no intention to
> > discredit the zsh version). If it is desirable to list all available
> > realms and let the user choose interactively, I could add that to
> > the Python script.

Adding such functionality would reduce the amount of legwork for users
(= would move the Python script leftwards on <https://xkcd.com/1343/>).

> > I was also going to add that I think it is better to provide one
> > tool and make sure that tool is working well instead of having two
> > tools that differ only in tiny details, since they might bit-rot in
> > different ways over time and it might be hard for a newcomer to
> > understand the motivation of having different tools.
> 

Agreed: knobs have a cost both to maintainers and to users.  However, we
should balance this downside with potential upsides, such as the ones I
offered above:

> > > > > [...]  It might be useful for someone if their environment
> > > > > doesn't have Python installed or if they find the zsh script
> > > > > easier to audit.

I'm not implying those points outweigh Daniel's; I'm just saying we
have identified pros and cons but haven't tallied them up yet.

For instance, perhaps we should link to both implementations but make it
clear that the Python one is preferred, community supported, "Use it
unless you know you need the other one", etc..

> 
> These are all good points.
> 
> I admit that zsh is a bit of a mystery to me, as is the script, so I
> couldn't provide support for it, at least not with my current
> knowledge. I am impressed that zsh can do so much with so little.
> 

zsh syntax can be terse, but the script is pretty much translatable
line-for-line into Python, except for the 'select' loop:

https://zsh.sourceforge.io/Doc/Release/Shell-Grammar.html#index-select

… which would be this:

def select(choices):
    for i_and_element in enumerate(choices):
        print("{}: {}".format(*i_and_element))
    n = int(input("Choice number: "))
    if not (0 <= n < len(choices)):
        raise ...
    return choices[n]

(plus a few more lines for the argv and loop support)

> It's in the list archives, but as DanielSh points out, is in a thread
> with a not-so-nice subject. That could be addressed by re-mailing it
> to dev@ with a new subject, e.g., "Prototype zsh script to store svn
> password in plaintext" in case anyone ever asks or searches for a
> non-Python way to do it. We could even link to it from the same FAQ,
> e.g., "An example of how to store svn plaintext credentials was
> implemented as a zsh script. It is unsupported by the SVN maintainers
> but can be found at [link] for pedagogical purposes."

If we give the script a new URL, perhaps we could make that URL identify
a _mutable_ resource, so if we ever have to update the script all its
users won't have to update their bookmarks?  Just a nice-to-have.

Cheers,

Daniel


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic