Patrick Steinhardt <ps@xxxxxx> writes: > +--config-env=<name>=<envvar>:: > + Like `-c <name>=<var>` except the value is the name of an > + environment variable from which to retrieve the value. Unlike Let's avoid overusing the word "value", as it can refer to <name>=<envvar> as the whole (which is the value given to --config-env), or <envvar> itself (which may appear to the value given to <name>), or the value in the environment veraible. Like `-c <name>=<value>`, give configuration variable '<name>' a value, where <envvar> is the name of an environment variable from which to retrieve the value. or something along that line. > + `-c` there is no shortcut for directly setting the value to an > + empty string, instead the environment variable itself must be > + set to the empty strin. Errors if the `<envvar>` does not exist set to the empty string. It is an error if the ... > + in the environment. `<envvar>` may not contain an equals sign > + to avoid ambiguity with `<name>`s which contain one. which may contain one. > + This is useful for cases where you want to pass transitory > + configuration options to git, but are doing so on OS's where > + other processes might be able to read your cmdline > + (e.g. `/proc/self/cmdline`), but not your environ > + (e.g. `/proc/self/environ`). That behavior is the default on > + Linux, but may not be on your system. > + > + Note that this might add security for variables such as > + `http.extraHeader` where the sensitive information is part of > + the value, but not e.g. `url.<base.insteadOf` where the "url.<base>.insteadOf" > + sensitive information can be part of the key. When writing multi-paragraph description, the second and later paragraphs need to be dedented and the paragraph breaks are denoted not by a blank line but by a line with only a single '+' on it. I didn't look at the implementation or tests, as I think it hasn't changed since the last round, and the last round was looked at by Peff already. Thanks.
