Hi, On Mon, 12 Jan 2009, Boyd Stephen Smith Jr. wrote: > On Monday 12 January 2009, Peter Spierenburg > <ionlyusethisaddressforlists@xxxxxxxxx> wrote > > >C'mon, leave my password 'in-the-clear', in a text file on a networked > >box? That is the kind of prank a fourth-year student would try to pull > >on a freshman. > > > >How do I really do it? > > AFAIK, that's the only way for now. Indeed it is. > Personally, I'd welcome a patch that allowed fetch/push to prompt the > user for a password, but I'm not holding my breath. I guess everybody who wants that feature does exactly the same as you. Oh, and FWIW: trying to ridicule the way Git does it completely misses the fact that you are using such a ridiculously weak authentication scheme anyway that you could just as well open the window and shout your password out loud. Ciao, Dscho P.S.: real security would require you to have public/private key based client authentication. But that would leave you vulnerable, too, as you are apparently not on a trustable machine. P.P.S.: I have access to such a machine, too, but I never push _from_ there. That is relatively safe, as only those can access my private keys (and my $HOME/.netrc, BTW, as you seemed to have missed .netrc's 0600 mode) can impersonate me without hassle using sudo anyway. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
