Hi, Disclaimer: if you are offended by constructive criticism, or likely to answer with insults to the comments I offer, please stop reading this mail now (and please do not answer my mail, either). :-) Still with me? Good. Nice to meet you. Just for the record: responding to a patch is my strongest way of saying that I appreciate your work. On Wed, 4 Mar 2009, Mike Gaffney wrote: > Currently git over http only works with a .netrc file which required > that you store your password on the file system in plaintext. This > commit adds to configuration options for http for a username and an > optional password. If a http.username is set, then the .netrc file is > ignored and the username is used instead. If a http.password is set, > then that is used as well, otherwise the user is prompted for their > password. >From the subject, I would have expected a way to type in the password instead of storing it. (Think getpass()... which would pose problems with Windows support, of course.) FWIW by having it in .git/config (which is most likely more world-readable than $HOME/.netrc ever will be) does not provide any security over .netrc. And I doubt that http.username is a good choice: what if you have multiple http:// URLs with different usernames/passwords? So would it not make more sense to make this remote.<name>.user and ...password? Ciao, Dscho -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
