On Fri, Nov 11, 2016 at 09:02:52PM +0100, Dennis Kaarsemaker wrote: > > > Are you sure about that? If I do: > > > > > > echo url=https://example.com/repo.git | > > > git credential fill > > > > > > I get prompted for a username and password. > > > > > > Hm.. either I don't understand you or I expressed myself unclear. > > > > Let's say a user runs: > > > > $ git clone https://myrepo.git > > > > If no credential helper is setup, then Git asks the user for credentials. > > Afterwards Git starts downloading stuff. At some point Git will run my > > smudge filter on some files and in my case the smudge filter needs the > > Git credentials. AFAIK, the smudge filter has no way to get the credentials > > from Git at this point - not even by invoking "git credential". > > Is this correct? > > I think that's correct, but the same argument goes both ways: unless I > use a credential helper, or explicitely give a filter application my > credentials, I don't want a helper to be able to get to those > credentials. I'd consider that a security bug. Yeah, agreed. They are logically two separate operations, so I think it is a feature that they do not implicitly share credentials. I think the only place where we implicitly share credentials is when serving an HTTP fetch or push requires multiple HTTP requests. And there it seems pretty sane to do so. -Peff