|
| From: | Matthew A. Nicholson |
| Subject: | Re: [Monotone-devel] monotone-server: empty passphrase from get_passphrase |
| Date: | Tue, 14 Nov 2006 00:45:05 -0600 |
| User-agent: | Icedove 1.5.0.7 (X11/20061014) |
Richard Levitte - VMS Whacker wrote:
False trail!
Yeah that code is just to pull the password out of the /etc/monotone/passphrases file (we don't store it in debconf cause that is not safe).
The error is in monotone-server.config. For reconfigure, it happily gets the same input as for configure, and then saves whatever the user gave, and does NOT regenerate a new passphrase if the user just pressed Enter... Matthew, what was the intention here? It does look faulty to me, one way or another.
Hmmm... that code seems strange. If you think it should generate a password then just add a check for a blank password and generate one if necessary:
db_get monotone-server/passphrase MTN_KEY_PASSWD="$RET" if [ -z "$MTN_KEY_PASSWD" ]; then gen_pass MTN_KEY_PASSWD="$PASS" fiThe problem is if we are managing the database and we generated the keys in the beginning, then the user should not be able to change the password (cause we don't update the keys, although we could I guess). If the user wants us to manage his database then he should enter a proper password for his key.
That is the basic reasoning behind the way it works now. We don't generate a key there so we should not generate a random password for it. Perhaps we should not allow a blank password either.
Let me know if that's not clear, it's late and I am sleepy :). -- Matthew A. Nicholson matt-land.com
| [Prev in Thread] | Current Thread | [Next in Thread] |