Spotted this on the internet... https://github.blog/2019-05-14-git-ransom-campaign-incident-report/ Haven't hacked on git for a while, and I am not affiliated with any of the stakeholders. However, reading it, I wanted to slam my head on the desk. IIRC, git will sanely store a password elsewhere if it gets to prompt for it. Should we be trying to unpack usernames/passwords from HTTP urls, and DTRT with them? Are there other ways this could be made better? cheers, martin -- martin.langhoff@xxxxxxxxx - ask interesting questions ~ http://linkedin.com/in/martinlanghoff - don't be distracted ~ http://github.com/martin-langhoff by shiny stuff
