mirror of
https://github.com/git/git.git
synced 2024-10-19 17:38:39 +02:00
4a169da280
Amend the documentation and release notes entry for the "fetch.credentialsInUrl" feature added in 6dcbdc0d661 (remote: create fetch.credentialsInUrl config, 2022-06-06), it currently doesn't detect passwords in `remote.<name>.pushurl` configuration. We shouldn't lull users into a false sense of security, so we need to mention that prominently. This also elaborates and clarifies the "exposes the password in multiple ways" part of the documentation. As noted in [1] a user unfamiliar with git's implementation won't know what to make of that scary claim, e.g. git hypothetically have novel git-specific ways of exposing configured credentials. The reality is that this configuration is intended as an aid for users who can't fully trust their OS's or system's security model, so lets say that's what this is intended for, and mention the most common ways passwords stored in configuration might inadvertently get exposed. 1. https://lore.kernel.org/git/220524.86ilpuvcqh.gmgdl@evledraar.gmail.com/ Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Acked-by: Derrick Stolee <derrickstolee@github.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> |
||
---|---|---|
.. | ||
add.txt | ||
advice.txt | ||
alias.txt | ||
am.txt | ||
apply.txt | ||
blame.txt | ||
branch.txt | ||
browser.txt | ||
checkout.txt | ||
clean.txt | ||
clone.txt | ||
color.txt | ||
column.txt | ||
commit.txt | ||
commitgraph.txt | ||
completion.txt | ||
core.txt | ||
credential.txt | ||
diff.txt | ||
difftool.txt | ||
extensions.txt | ||
fastimport.txt | ||
feature.txt | ||
fetch.txt | ||
filter.txt | ||
fmt-merge-msg.txt | ||
format.txt | ||
fsck.txt | ||
gc.txt | ||
gitcvs.txt | ||
gitweb.txt | ||
gpg.txt | ||
grep.txt | ||
gui.txt | ||
guitool.txt | ||
help.txt | ||
http.txt | ||
i18n.txt | ||
imap.txt | ||
index.txt | ||
init.txt | ||
instaweb.txt | ||
interactive.txt | ||
log.txt | ||
lsrefs.txt | ||
mailinfo.txt | ||
mailmap.txt | ||
maintenance.txt | ||
man.txt | ||
merge.txt | ||
mergetool.txt | ||
notes.txt | ||
pack.txt | ||
pager.txt | ||
pretty.txt | ||
protocol.txt | ||
pull.txt | ||
push.txt | ||
rebase.txt | ||
receive.txt | ||
remote.txt | ||
remotes.txt | ||
repack.txt | ||
rerere.txt | ||
safe.txt | ||
sendemail.txt | ||
sequencer.txt | ||
showbranch.txt | ||
sparse.txt | ||
splitindex.txt | ||
ssh.txt | ||
stash.txt | ||
status.txt | ||
submodule.txt | ||
tag.txt | ||
tar.txt | ||
trace2.txt | ||
transfer.txt | ||
uploadarchive.txt | ||
uploadpack.txt | ||
url.txt | ||
user.txt | ||
versionsort.txt | ||
web.txt | ||
worktree.txt |