On 21 December 2012 02:49, Aaron Schrab <aaron@xxxxxxxxxx> wrote:
> Tools outside of the core git tree may add support for new config keys which
> are meant to contain sensitive information, and there would be no way for
> `git config` to know about those.

I understand that we've come down mostly on the 'users must check before sending' side of things, but this point isn't necessarily true. It wouldn't be too hard to create a config setting with a list of 'sensitive' keys filled with sensible defaults. It would be the job of the 3rd party to add the relevant keys to this config file. This wouldn't help with old 3rd party tools but would provide a way to 'hide' things automatically. A user could of course configure this themselves (though one would think most who knew how wouldn't need to).

On 21 December 2012 02:52, Jeff King <peff@xxxxxxxx> wrote:
>> I think that attempting to do this would only result in a false sense
>> of security.
>
> Yeah. Thanks for a dose of sanity. I was really trying not to say "the
> given advice is bad, and we cannot help those people". But I think you
> are right; the only sensible path is for the user to inspect the output
> before posting it.

One thing that a new option could provide (or maybe even the existing option if it detects an interactive session) is to prompt the user to review the content before outputting it. This is a nice way of helping users who don't know that there might be sensitive information in the output.

Are there any use cases where prompting the user would be annoying when using this command?

Regards,

Andrew Ardill
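
The sensitive-key list proposed in the message above, sketched as a filter over `git config --list` output. This is an added example, not code from git or from the thread; the `redact.sensitivekey` key and the default patterns are assumptions, and the sample input is constructed. Keys that nobody has registered (`othertool.secret` in the sample) pass through unchanged.

```shell
#!/bin/sh
# Added illustration, not git code. The key "redact.sensitivekey" and the
# default pattern list are assumptions made for this example.

# Defaults shipped with the tool: shell glob patterns matched against each
# key exactly as `git config --list` prints it.
DEFAULT_SENSITIVE='sendemail.smtppass *.password *.token'

# Read `git config --list` style lines (key=value) on stdin and print them
# with the value of every sensitive key replaced by a marker.
# The body runs in a subshell so `set -f` does not leak into the caller.
redact_config() (
    set -f                      # keep the patterns from expanding as filenames
    input=$(cat)
    # Third-party tools register their keys through the multi-valued
    # (hypothetical) redact.sensitivekey setting.
    extra=$(printf '%s\n' "$input" | sed -n 's/^redact\.sensitivekey=//p')
    printf '%s\n' "$input" | while IFS= read -r line; do
        key=${line%%=*}         # values may contain '=', so cut at the first one
        hit=no
        for pat in $DEFAULT_SENSITIVE $extra; do
            case $key in $pat) hit=yes; break ;; esac
        done
        case $hit,$line in
            yes,*=*) printf '%s=<redacted>\n' "$key" ;;
            *)       printf '%s\n' "$line" ;;    # not listed, or a valueless key
        esac
    done
)

# Constructed sample in the shape of `git config --list` output.
sample_config() {
    cat <<'EOF'
user.email=dev@example.com
sendemail.smtppass=hunter2=x
mytool.apikey=abc123
redact.sensitivekey=mytool.apikey
othertool.secret=not-registered
core.bare
EOF
}

sample_config | redact_config
```

Typed use would be `git config --list | redact_config`. Values that contain newlines need `git config --list -z`, which this line-based filter does not parse.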