On Thu, 17 Nov 2022 at 18:51, Jeff King <peff@xxxxxxxx> wrote: > > On Thu, Nov 17, 2022 at 09:17:53AM -0800, Matthew John Cheetham wrote: > > > > In the ideal world, we'd ship an encrypted store that people could use, > > > but then we have to deal with export regulations and sanctions and > > > nobody wants to do that. We'd also have to deal with multiple > > > cryptographic libraries for portability and license reasons and nobody > > > wants to do that, either. > > > > One option rather than shipping (or including in contrib/) any of these > > credential helpers, could we not reference several other popular helpers > > in the docs, and let users make their own choice (but at least some are > > then possibly more discoverable)? > > I don't have any problem with documenting the options better. The main > reason we have store/cache at all, even though they kind of suck, was to > act as least-common-denominators and pave the way for people making > better helpers. That happened, but nobody ever went back to adjust the > docs. > > I do think having the docs say "you should go use X" means that X will > have an advantage over other projects which may compete with it. So I > think we need to be careful to be inclusive of what we'll mention, and > to word it so that we're not endorsing any one project. I agree, although Git for Windows installs Git Credential Manager by default. Hard to compete with that, but it's fantastic for users. OAuth credential helpers are so widely useful I think it's worth introducing them in the documentation. I'll draft a patch.
