Re: The importance of including http credential caching in 1.7.7

On Thu, Sep 08, 2011 at 11:02:11AM -0400, John Szakmeister wrote:

> On Thu, Sep 8, 2011 at 9:17 AM, Michael J Gruber
> <git@xxxxxxxxxxxxxxxxxxxx> wrote:
> [snip]
> > It would be interesting to know what we can rely on in the user group
> > you're thinking about (which I called ssh-challenged). Setting up ssh
> > keys is too complicated. Can we require a working gpg setup? They do
> > want to check sigs, don't they?
> 
> I don't think you can require a working gpg setup (at least for not
> addressing the ssh-challenged group).

Agreed. Anything harder than ssh keys is right out the window, because
they're always the alternative these people could be using (but can't or
don't want to).

We could make our own gpg-based password wallet system, but I think it's
a really bad idea, for two reasons:

  1. It's reinventing the wheel. Which is bad enough as it is, but is
     doubly bad with security-related code, because it's very easy to
     screw something up when you're writing a lot of new code.

  2. It's inconvenient for users. Nobody wants a separate wallet system
     with its own master password. They want to integrate with the
     wallet system they're already using. Which is generally going to be
     way nicer _anyway_, because it's going to be part of the OS and do
     helpful things like unlock the secret store using their login
     credentials.

> > So: What credential store/password wallet/etc. can we rely on for this
> > group? Is gpg fair game?
> 
> I think there probably need to be providers for using Keychain under
> the Mac, gnome-keyring and kwallet under Linux, and probably something
> using the wincrypt API under Windows.  I don't think there's a
> one-store-fits-all solution here, unfortunately. :-(

Exactly. That's why the helpers communicate via pipes. They don't have
to be included with core git at all; you should be able to just drop a
third-party git-credential-foo into your PATH.

> I'm actually tempted to try and work on a couple of those myself.

Please do! I mentioned a few people working on helpers elsewhere in this
thread, so you may want to see what they've done and/or coordinate to
avoid duplicate effort. Let me know if you have trouble finding the
appropriate threads in the list archive.

-Peff
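
The pipe-based helper idea described in the message above, as an added example (not code from this thread or from git itself): a third-party helper that would be installed on PATH as git-credential-foo. It assumes the key=value stdin/stdout format and the get/store/erase operations of git's current credential-helper interface, which may differ from the design being discussed at the time; the dict backend is a hypothetical stand-in for an OS wallet.

```python
#!/usr/bin/env python3
import sys

def parse_request(text):
    """Parse the key=value lines git writes to the helper's stdin."""
    attrs = {}
    for line in text.split("\n"):
        if line == "":          # blank line (or end of input) ends the request
            break
        key, sep, value = line.partition("=")   # values may contain '='
        if not sep or not key:
            raise ValueError("malformed credential line")
        attrs[key] = value
    return attrs

def format_response(attrs):
    """Serialize attributes; refuse values that would inject extra lines."""
    for key, value in attrs.items():
        if "\n" in value or "\0" in value:
            raise ValueError("unsafe character in " + key)
    return "".join(f"{k}={v}\n" for k, v in attrs.items())

def handle(operation, request_text, wallet):
    """Run one invocation against `wallet`; return the text for stdout."""
    req = parse_request(request_text)
    # Key on protocol as well as host, so a secret stored for https is
    # never handed to a plain-http request for the same host.
    key = (req.get("protocol"), req.get("host"))
    if None in key:
        return ""
    entry = wallet.get(key)
    same_user = entry is not None and req.get("username", entry[0]) == entry[0]
    if operation == "get" and same_user:
        return format_response({"username": entry[0], "password": entry[1]})
    if operation == "store" and "username" in req and "password" in req:
        wallet[key] = (req["username"], req["password"])
    elif operation == "erase" and same_user:
        del wallet[key]
    return ""   # unknown operations are ignored silently

if __name__ == "__main__":
    # Hypothetical backend: a dict does not persist between runs. A real
    # helper would call the OS wallet (Keychain, gnome-keyring, kwallet) here.
    operation = sys.argv[1] if len(sys.argv) > 1 else ""
    sys.stdout.write(handle(operation, sys.stdin.read(), {}))
```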