Re: [PATCH][v2] http authentication via prompts (with correct line lengths)


 



I guess it makes sense to split the config out into two patches. I wanted both to help with automated builds, and as it's a read-only account I wasn't worried about someone reading the password. I'm not very impressed with the permissions on the .netrc file actually providing security so I can see not allowing the password in the config either. In my system at work, we have shared machines but all developers have root access, so file permissions don't really secure anything for us. It's also why we can't really use keys (there is no way to enforce that a key is secured afaik).

I wanted to do a remote specific config as well but a global works well in many environments where your push repo is under http as you don't keep having to configure it. I also couldn't see a good way to do a remote specific config without changing the remote struct (which seemed like putting specific in a general). I would love some advice on this and where to put it.

I can see your security points but I would argue that if that's what we are worried about then we should not allow the netrc file at all. I added notes in the config documentation about this. I'm open to discussion on this point.

Johannes Schindelin wrote:
> Hi,
> 
> On Mon, 9 Mar 2009, Junio C Hamano wrote:
> 
>> It appears that none of the issues I raised in my response to your 
>> earlier round was addressed in this patch, except for the line 
>> rewrapping of the proposed commit log message.
> 
> AFAICT my concerns were not addressed either: misleading subject unless 
> the patch is split into two, remote specific config variable instead of 
> global one, security issues.
> 
> Ciao,
> Dscho
> 

-- 
-Mike Gaffney (http://rdocul.us)
