Hi, On Thu, 23 Jul 2009, Nanako Shiraishi wrote: > 1. Why would you keep sensitive information in the config file in the > first place? Wouldn't it be better to introduce a level of > indirection, making a variable in the config file to point to a > private file only you can read and store secrets in the latter? I agree that secret information should probably go to another file, although care has to be taken not to write that other file with "git config -f", as that would display the very same issue. > 2. Why is your config file more secret than your history? That one's easy. If you store passwords in the config file, it _is_ more secret than the history. You might be very willing to show people what you did, but still be unwilling to allow people to push commits with your credentials. > Wouldn't it solve your problem without any patch if you set > core.sharedrepository to 0600? I doubt it, as that config setting does not change anything in the working directory retro-actively. You _could_ chmod 0700 .git. But that is probably not what Catalin wanted. Ciao, Dscho -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html