On Fri, May 05, 2023 at 11:24:44AM -0400, Derrick Stolee wrote: > > But the new "wwwauth[]" field does allow this attack to take place. > > In particular, because this should be resolved before 2.41.0-rc0. Yes, definitely. > Each patch was simple to read and well-motivated. I was particularly > happy with this diffstat: > > > contrib/credential/gnome-keyring/.gitignore | 1 - > > contrib/credential/gnome-keyring/Makefile | 25 - > > .../git-credential-gnome-keyring.c | 470 ------------------ > > The rest of the changes looked to be obvious improvements, so this > v1 LGTM. Thanks. Much credit is owed to Peff, who worked on these patches with me. And FWIW, dropping support for the gnome-keyring helper was his idea. Thanks for the review :-). Thanks, Taylor
