On Wed, Nov 2, 2022 at 6:36 AM M Hickford via GitGitGadget
<gitgitgadget@xxxxxxxxx> wrote:
> These days, the 'password' for a software forge might be personal access
> token or OAuth access token. These are popular, so worth clarifying that
> Git treats them just the same.
>
> Signed-off-by: M Hickford <mirth.hickford@xxxxxxxxx>
> ---
> diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
> @@ -21,6 +21,9 @@ in order to access a remote repository over HTTP. This manual describes
> the mechanisms Git uses to request these credentials, as well as some
> features to avoid inputting these credentials repeatedly.
>
> +Some repositories accept multiple passwords, including personal access
> +tokens and OAuth access tokens. Git handles all of these the same.
I easily understood Ævar's point about these types of secrets all
being different names for a password, but I find the above change
rather confusing when it mentions "multiple passwords". That makes me
think I may need to somehow configure multiple passwords for a site
(even though I know that's not what you meant).
How about a different approach, calling it a "secret" first, and then
defining "secret" as different names for "password". Perhaps something
like this:
Git will sometimes need credentials from the user in order to
perform operations; for example, it may need to ask for a username
and secret in order to access a remote repository over HTTP. The
secret may be a password, passcode, personal access token, OAuth
access token, etc. This manual describes the mechanisms Git uses
to request these credentials, as well as some features to avoid
inputting these credentials repeatedly.
