Re: [PATCH] credential/wincred: store password_expiry_utc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 1 May 2023 at 23:25, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>
> M Hickford <mirth.hickford@xxxxxxxxx> writes:
>
> > Thanks Johannes for the review and the fix. I'll include it in any patch v2.
> >
> >> But I have to wonder: why even bother with `git-wincred`? This credential
> >> helper is so ridiculously limited in its capabilities, it does not even
> >> support any host that is remotely close to safe (no 2FA, no OAuth, just
> >> passwords). So I would be just as happy if I weren't asked to spend my
> >> time to review changes to a credential helper I'd much rather see retired
> >> than actively worked on.
> >
> > git-credential-wincred has the same capabilities as popular helpers
> > git-credential-cache, git-credential-store, git-credential-osxkeychain
> > and git-credential-libsecret. Any of which can store OAuth credentials
> > generated by a helper such as git-credential-oauth [1]. This is
> > compatible with 2FA (any 2FA happens in browser). Example config:
> >
> >     [credential]
> >         helper = wincred
> >         helper = oauth
> >
> > This patch to store password_expiry_utc is necessary to avoid Git
> > trying to use OAuth credentials beyond expiry. See
> > https://github.com/git/git/commit/d208bfdfef97a1e8fb746763b5057e0ad91e283b
> > for background (I'll add to commit message v2).
>
> So, even though earlier Dscho sounded negative on extending wincred
> helper, are we now on track of enhancing its capabilities?  The v3
> is now queued in my tree and nobody who knows Windows seem to have
> made any comments on either v2 or v3---I am wondering if the lack
> of comments is a good news or no interest.
>
> Thanks.

Thanks to Johannes's fixes for v1, the latest patch should be correct,
but it would be prudent to wait for a Windows user to test.

The utility of storing password_expiry_utc is universal to all
credential helpers. The latest commit message references the
introduction of this attribute
(d208bfdfef97a1e8fb746763b5057e0ad91e283b) for background. I repeat
the arguments in [1], I hope they are persuasive.

[1] https://lore.kernel.org/git/CAGJzqs=D8hmcxJKGCcz-NqEQ+QDYgi_aO02fj59kQoHZgiW3OQ@xxxxxxxxxxxxxx/
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux