Hi, First, this is the right place for reporting bugs. I don't know why it's using the credentials for the first remote. But I know that recent versions of git ship a credentials[1] helper that can ask a wallet or keychain for credentials, so you don't have to store them in the git config. Kevin [1]: http://git-scm.com/docs/gitcredentials On Tue, Jun 26, 2012 at 8:43 PM, Left Right <olegsivokon@xxxxxxxxx> wrote: > Hello list, > I didn't find a bug tracker and some comments on StackOverflow > suggested I should post to the mailing list... please excuse me if I > followed the wrong info, it's not really easy to find your bug > tracker, if there is one. > > I've came across this behavior trying to organize my repository to > push updates to several remote repositories. Here's what I did: > > in .git/conf > > [core] > repositoryformatversion = 0 > filemode = true > bare = false > logallrefupdates = true > > [remote "github"] > fetch = +refs/heads/*:refs/remotes/origin/* > url = https://username1:password1@xxxxxxxxxx/some.git > > [remote "googlecode"] > fetch = +refs/heads/*:refs/remotes/origin/* > url = https://username2:password2@xxxxxxxxxxxxxxx/p/some/ > > [remote "origin"] > url = https://username1:password1@xxxxxxxxxx/some.git > # url = https://username2:password2@xxxxxxxxxxxxxxx/p/some/ > > [remote "all"] > url = https://username1:password1@xxxxxxxxxx/some.git > url = https://username2:password2@xxxxxxxxxxxxxxx/p/some/ > [branch "master"] > remote = origin > merge = refs/heads/master > > Now, what happens if I try to push origin master: > the commit is sent to the first origin with the credential specified > in the first URL, but then the request to second URL is sent with the > credentials from the first URL. I tried switching them, and the result > is the same. I tried separate push'es to both repositories and it > works fine. I thought there might be something particular about > "origin" and tried moving the list of URLs to "all" - with the exact > same results. > > This is kind of frustrating... but this is also a tiny security threat > as you are basically sending the credentials of the users they used at > one site to another... w/o any notice or warning. > > That aside, I would be very happy to find some way to save passwords > in some... well... more secure format. Like on the keyring, for > example... .netrc is out of question though because of duplicating > user names :( > > Best. > > Oleg > -- > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html