"Derrick Stolee via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > Create a new "fetch.credentialsInUrl" config option and teach Git to > warn or die when seeing a URL with this kind of information. The warning > anonymizes the sensitive information of the URL to be clear about the > issue. > > This change currently defaults the behavior to "allow" which does > nothing with these URLs. We can consider changing this behavior to > "warn" by default if we wish. At that time, we may want to add some > advice about setting fetch.credentialsInUrl=ignore for users who still > want to follow this pattern (and not receive the warning). Can we make this die in a bit more controlled way? e.g. https://github.com/git/git/runs/6646450422 seems to show that depending on the timing, the call to die() on the "git clone" side may cause us stop reading early enough to kill the other side with SIGPIPE. The nicely prepared warning message seems to be lost.
