On 5/1/2023 11:53 AM, Taylor Blau wrote: > This series addresses a handful of potential protocol injection attacks > possible via some of the credential helpers in contrib/credential, and > the new "wwwauth[]" directive. Sorry for being late to review this. I was not one of the three developers involved in writing and/or testing these changes, but I am motivated to see these fixes land. > But the new "wwwauth[]" field does allow this attack to take place. In particular, because this should be resolved before 2.41.0-rc0. Each patch was simple to read and well-motivated. I was particularly happy with this diffstat: > contrib/credential/gnome-keyring/.gitignore | 1 - > contrib/credential/gnome-keyring/Makefile | 25 - > .../git-credential-gnome-keyring.c | 470 ------------------ The rest of the changes looked to be obvious improvements, so this v1 LGTM. Thanks, -Stolee
