On Fri, Dec 09, 2011 at 03:34:08PM -0800, Junio C Hamano wrote: > > We _could_ modify credential_match() to automatically reject such a > > pattern at that level,... > > I do not think that is such a good idea to modify "match()" function > either, as I agree match with empty has its uses, but that does not stop > "rewrite_credential_file()" from being safe by default, no? After all, the > one that makes the decision to drop things that match the pattern is that > function (it chooses to give NULL to match_cb). Yeah, you could move it down to that level, but there isn't much point. rewrite_credential_file is unique to credential-store, and the only two callers are store_credential (which has its own, stricter rules already) and remove_credential, which we are modifying here. Note that I didn't bother with the same safety valve for credential-cache. It is, after all, a cache that will go away eventually anyway, so safety is less interesting. Third-party helpers will have to do their own checks anyway, as in general I don't plan on them linking directly against git code. Speaking of which, I hackishly ported Jay's osxkeychain helper to the new format last night. I'll try to clean that up and post it tonight. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html