On Thu, Apr 30, 2020 at 11:26:39PM -0700, Junio C Hamano wrote: > Jeff King <peff@xxxxxxxx> writes: > > > There's an example of using your own bit of shell to act as a credential > > helper, but it's not very realistic: > > > > - It's stupid to hand out your secret password to _every_ host. In the > > real world you'd use the config-matcher to limit it to a particular > > host. > > > > - We never provided a username. We can easily do that in another config > > option (you can do it in the helper, too, but this is much more > > readable). > > > > - We were sending the secret even for store/erase operations. This > > is OK because Git would just ignore it, but a real system would > > probably be unlocking a password store, which you wouldn't want to do > > more than necessary. > > All of them make sense, but I do not think we want to encourage that > loose style of passing unquoted argument to echo to lose embedded > $IFS spaces that is not a SP. You mean dropping the quotes in the first patch? Doing: echo "password=$(cat $HOME/.secret)" already eats some trailing whitespace, though I guess if you have newlines in your password you are beyond help anyway. I can add back in the quoted \", though it does make the code slightly harder to read. -Peff
