Thanks for reviewing the patch. On Thu, Jun 11, 2009 at 7:56 PM, Junio C Hamano<gitster@xxxxxxxxx> wrote: > Mark Lodato <lodatom@xxxxxxxxx> writes: > >>> The user is always prompted, even if the certificate is not encrypted. >>> This should be fine; unencrypted certificates are rare and a security >>> risk anyway. > > Hmm, "rare" is in the eyes of beholder. For automated settings, I would > imagine that it is a necessary feature that we need to keep working. Of > course the local box that keeps an unencrypted certificate used this way > must be well protected to make it _not_ a security risk, but that is not > an issue you are addressing with your patch anyway, so it is not nice to > dismiss possible usability issues like this. Sorry about that wording - it probably is a more common case than I imagine. But patch 2/2 addresses this issue with an option to disable the password prompt. This does require one-time work for existing users who use an unencrypted certificate, but overall I think the patch series is a big win since encrypted certificates are not usable at all currently. >>> I did not create any tests because the existing http.sslcert option has >>> no tests to begin with. > > Again, not nice. Not having tests in this particular patch may be Ok, as > long as you or other people fix that deficiency with follow-up patches, > but please don't be proud that you are following a bad example. Again, sorry about the wording. I meant the above as an explanation of why I did not include a test - I was not sure how to write one. I would be happy to write such a test if someone could give me some guidance. Thanks again! Mark -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html