On Thu, Mar 29, 2012 at 03:02:52PM -0700, Junio C Hamano wrote: > William Strecker-Kellogg <willsk@xxxxxxx> writes: > > > The http-backend looks at $REMOTE_USER and sets $GIT_COMMITTER_NAME to > > that for use in the hooks. At our site we have a third party > > authentication module for our proxy (Shibboleth) which sets an alternative > > environment variable that our backend sees instead of REMOTE USER. > > > > This patch adds the config option http.remoteuser which changes what > > environment variable is inspected by the http-backend code (it defaults > > to REMOTE_USER). > > What is the chain of systems that pass the authenticated ident down to > this CGI program? Can another part of that chain stuff the value of > SHIBBOLETH_USER (or whatever) to REMOTE_USER before running it? > > As a design, I am not convinced this is a good change. > > What if the next person wants to interoperate with an authentication > system that passes the same information via a mechanism different from > environment variables? This change does not help him at all, as it is > still married to "the information has to come from an environment > variable" limitation. > > What if an authentication system can supply more appropriate committer > ident information other than just the uesrname part? I agree. It seems like one could just wrap http-backend in a script like this: #!/bin/sh REMOTE_USER=$SHIBBOLETH_USER exec git http-backend "$@" and that leaves way more flexibility. I think an even better thing would be for http-backend to leave GIT_COMMITTER_* alone if it exists; that is the usual well-known interface for setting such things. And then you could specify a detailed committer name and email if you want, or leave them blank to pull from $REMOTE_USER as we do now. As it is now, even if you specify GIT_COMMITTER_EMAIL, it gets overwritten with "$REMOTE_USER@http.$REMOTE_ADDR". Just today, we were looking at a similar patch for GitHub (we keep reflogs on all pushes, and we want to put useful information about the pusher into the reflog). William's patch would not be flexible enough for what we want to do, but setting GIT_COMMITTER_* would be easy (we are also stuffing more information into the reflog message, but that is a separate issue). -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html