> On 11 Nov 2016, at 21:27, Jeff King <peff@xxxxxxxx> wrote: > > On Fri, Nov 11, 2016 at 09:02:52PM +0100, Dennis Kaarsemaker wrote: > >>>> Are you sure about that? If I do: >>>> >>>> echo url=https://example.com/repo.git | >>>> git credential fill >>>> >>>> I get prompted for a username and password. >>> >>> >>> Hm.. either I don't understand you or I expressed myself unclear. >>> >>> Let's say a user runs: >>> >>> $ git clone https://myrepo.git >>> >>> If no credential helper is setup, then Git asks the user for credentials. >>> Afterwards Git starts downloading stuff. At some point Git will run my >>> smudge filter on some files and in my case the smudge filter needs the >>> Git credentials. AFAIK, the smudge filter has no way to get the credentials >>> from Git at this point - not even by invoking "git credential". >>> Is this correct? >> >> I think that's correct, but the same argument goes both ways: unless I >> use a credential helper, or explicitely give a filter application my >> credentials, I don't want a helper to be able to get to those >> credentials. I'd consider that a security bug. > > Yeah, agreed. They are logically two separate operations, so I think it > is a feature that they do not implicitly share credentials. > > I think the only place where we implicitly share credentials is when > serving an HTTP fetch or push requires multiple HTTP requests. And there > it seems pretty sane to do so. Agreed. Thanks for your thoughts on this! - Lars