Kyle Neath venit, vidit, dixit 07.09.2011 22:14:
> Junio C Hamano <gitster@xxxxxxxxx> wrote:
>> If this were a new, insignificant, and obscure feature in a piece of
>> software with mere 20k users, it may be OK to release a new version with
>> the feature in an uncooked shape.
>
> For the sake of my paycheck, I should certainly hope not! I'm not at all
> suggesting we merge what we have in. However, I do think this feature is
> important enough to delay the release. I trust in the judgement of the core
> members to know when something is ready for inclusion in master.
>
> Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> wrote:
>> So, it's been a year or more that you've been aware of the importance of
>> this issue (from your/github's perspective), and we hear about it now,
>> at the end of the rc phase.
>
> I apologize if it sounds like that. I've been discussing this situation with
> many people (including Jeff King) for a very long time now, and it was my
> understanding that the credential caching was done and simply waiting for a
> new release. This is the first I've heard that it will not be included in
> 1.7.7, so I'm voicing my opinion now. Admittedly, late in the game - and I
> apologize for that.
OK, I've calmed down :)
> I'd be happy to help in any capacity I can. Unfortunately I'm no C hacker, and
> I've accepted that as a character flaw (it's something I'm working on). I'm
> afraid I can't be of much help with the actual code. What I can provide is an
> alternate viewpoint to the core team. A viewpoint of someone who's spent 3
> years trying to make git easier for newcomers.
It would be interesting to know what we can rely on in the user group
you're thinking about (which I called ssh-challenged). Setting up ssh
keys is too complicated. Can we require a working gpg setup? They do
want to check sigs, don't they?
What I have in mind is a very simple, but secure version of Jeff's
credential-store, respectively his example, somewhat like:
---%<---
STORAGE=$HOME/.credentials
for i in "$@"; do
case "$i" in
--unique=*)
unique=${i#--unique=} ;;
esac
done
key=$(git config get credential.gpgkey) # or error out
if ! test -e "$STORAGE/$unique"; then
mkdir -m 0700 "$STORAGE"
git credential-getpass "$@" | gpg -ear $key >"$STORAGE/$unique"
fi
gpg <"$STORAGE/$unique"
---%<---
Or that in C, probably using Junio's gpg-lib. That would be secure and
useful *if* we can rely on people having a convenient gpg setup
(gpg-agent or such).
So: What credential store/password wallet/etc. can we rely on for this
group? Is gpg fair game?
Michael
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html