On Thu, Nov 17, 2022 at 09:17:53AM -0800, Matthew John Cheetham wrote: > > In the ideal world, we'd ship an encrypted store that people could use, > > but then we have to deal with export regulations and sanctions and > > nobody wants to do that. We'd also have to deal with multiple > > cryptographic libraries for portability and license reasons and nobody > > wants to do that, either. > > One option rather than shipping (or including in contrib/) any of these > credential helpers, could we not reference several other popular helpers > in the docs, and let users make their own choice (but at least some are > then possibly more discoverable)? I don't have any problem with documenting the options better. The main reason we have store/cache at all, even though they kind of suck, was to act as least-common-denominators and pave the way for people making better helpers. That happened, but nobody ever went back to adjust the docs. I do think having the docs say "you should go use X" means that X will have an advantage over other projects which may compete with it. So I think we need to be careful to be inclusive of what we'll mention, and to word it so that we're not endorsing any one project. -Peff
