archive mirror
 help / color / mirror / Atom feed
From: Jeff King <>
To: Junio C Hamano <>
Cc: Matthew John Cheetham via GitGitGadget <>,,,,
	Matthew John Cheetham <>
Subject: Re: [PATCH 1/3] wincred: ignore unknown lines (do not die)
Date: Thu, 22 Sep 2022 18:09:24 -0400	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <xmqqbkr7xg28.fsf@gitster.g>

On Thu, Sep 22, 2022 at 02:19:43PM -0700, Junio C Hamano wrote:

> > It is the expectation that credential helpers be liberal in what they
> > accept and conservative in what they return, to allow for future growth
> > and evolution of the protocol/interaction.
> That is nice in principle, and the updated code below may work well
> with existing "other side of the connection" (codepaths in "git"
> that asks credential API to talk to the helpers), but I am not sure
> if this is always a safe thing to do.
> When we gain a new "command" in the protocol, if we just read it
> without understanding it, would we open ourselves to a risk of
> breaking the protocol communication, worst of which may be to
> deadlock?  A new command, when received by a more recent helper that
> understands how to react to it, may _require_ it to write more than
> "username" and "password" back to "git" from get_credential(), for
> example, but the helper with this patch alone, while not complaining
> about seeing such a new and unknown command, would not know how to
> compute and write that third thing other than "username" and
> "password"---would the other side who issued that new command get
> stuck waiting for us to return the third thing?  Worse yet, the new
> command may expect us to read further in get_credential()
> (e.g. maybe they will give us a challenge, which may need to be used
> when yielding the "username" and "password" things), but because we
> do not even know we need to read, their attempt to write to us may
> get them stuck, and that is when we are expecting to write to them,
> easily leading to a deadlock, no?

This open-endedness was an intentional part of the original
credential-helper design. Helpers are always "best effort", and it is OK
if they ignore a request, or return a partial result. If the sending
side really wants to extend the protocol in a way that the other side
doesn't act at all (say, they "username" to be used _only_ if the helper
also understands a new "foobar" key), then they should be adding the new
fields as an atomic unit. I.e., "foobar", "foobar-userame", and so on.
And then existing helpers which don't understand the new feature will
just ignore it totally.

In practice, I think it's not that big a deal either way, because the
setup of these helpers is under the control of the user. So if you
really want to use "foobar" but a helper doesn't support it, then you'd
just remove that helper from your config.


  reply	other threads:[~2022-09-22 22:09 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-22 16:59 [PATCH 0/3] Correct credential helper discrepancies handling input Matthew John Cheetham via GitGitGadget
2022-09-22 16:59 ` [PATCH 1/3] wincred: ignore unknown lines (do not die) Matthew John Cheetham via GitGitGadget
2022-09-22 21:19   ` Junio C Hamano
2022-09-22 22:09     ` Jeff King [this message]
2022-09-22 16:59 ` [PATCH 2/3] netrc: " Matthew John Cheetham via GitGitGadget
2022-09-22 16:59 ` [PATCH 3/3] osxkeychain: clarify that we ignore unknown lines Matthew John Cheetham via GitGitGadget
2022-09-22 18:31 ` [PATCH 0/3] Correct credential helper discrepancies handling input Derrick Stolee
2022-09-22 22:11 ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).