Thomas Rast <trast@xxxxxxxxxxx> writes: > This mostly parallels http.authAny which was introduced in b8ac923 > (Add an option for using any HTTP authentication scheme, not only > basic, 2009-11-27). http.authAny was removed, and its feature > unconditionally enabled, in 525ecd2 (Remove http.authAny, 2009-12-28). > However the reasoning of the latter does not apply here because XXXX. Thanks, Thomas. I think this paragraph is essential, especially the XXXX part, if we were to accept the proposed change and keep the new configuration. Otherwise we won't know what to do when somebody proposes to unconditionally enable this ;-) If it turns out that we can set CURLOPT_PROXYAUTH always to CURLAUTH_ANY without compromising security, then an explanation why this does not have to be optional, similar to what justified 525ecd2, needs to be there instead, and the patch needs to be tweaked to drop the configuration bits. Marco, I extracted your patch in the attachment and took a look at it before composing the above response. - Your log message seems to be indented by two spaces for some strange reason; - it does not have any justification like the example Thomas gave you; and - it also is missing your S-o-b. Care to re-roll one more time? -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html