Recently I’ve been using a number of [developer] tools to access Git repositories. One thing that I am finding is that these tools often suffer poor operability when used within a corporate/enterprise environment with regard to accessing and working with proxy servers. The other thing that I am finding is the storing of passwords in plain text within text files (usually dot.configuration files) that get stored on users' local machines.
While I am not sure of the acceptability of this practice in an enterprise environment, it made me think about what other kinds of security factors need to be addressed, both in the toolset that the community might use, and in the software being developed.
Are we going to get a set of suitable security standards that we need to work to, or should the community be involved in creating appropriate guidelines? I am thinking along the lines of the types of resources created by the patterns and practices folks.
Just my thoughts