From: Junio C Hamano <gitster@pobox.com>
To: Zeger-Jan van de Weg <git@zjvandeweg.nl>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 1/1] Git config allows value setting from stdin
Date: Tue, 17 Sep 2019 09:59:11 -0700 [thread overview]
Message-ID: <xmqqy2ym97vk.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <20190917133135.190145-2-git@zjvandeweg.nl> (Zeger-Jan van de Weg's message of "Tue, 17 Sep 2019 15:31:35 +0200")
Zeger-Jan van de Weg <git@zjvandeweg.nl> writes:
> Subject: Re: [PATCH 1/1] Git config allows value setting from stdin
Probably something like this, with the "<area>:" prefix.
config: learn the --stdin option to take args from the standard input
> When setting values in the git config, the value is part of the
> arguments for execution. This potentially leaks the value through
> logging, or other programs like `ps`.
OK.
> Prior to this change, there was no option to do this. This change adds
> the `--stdin` to be combined with `--add`. When passed, the value cannot
> be passed and is read through stdin.
That's overly verbose.
Add the `--stdin` option that can be used with `--add` to
instead take the variables and values from the standard
input to hide them from prying eyes.
or something? When you say "Add", we know there isn't any right now
(that is why you are adding, after all).
Also, shouldn't the variable also be considered sensitive? IOW
$ git config --stdin --add <<\EOF
remote.hidden.url=https://user:pass@over.there/repo
EOF
instead of
$ git config --stdin --add remote.hidden.url <<\EOF
https://user:pass@over.there/repo
EOF
?
Incidentally, allowing it to take variable=value pair would also
allow you to set many of them in batch, which is another benefit.
> -'git config' [<file-option>] [--type=<type>] --add name value
> +'git config' [<file-option>] [--type=<type>] --add [--stdin] name [value]
This does not convey "you pass name and value without --stdin, or
you pass only name with --stdin" and instead allow a nonsense like
"git config --add name". Splitting it into two would be a way to
tell this unambiguously to the readers, e.g.
git config [--type=<type>] --add name value
git config [--type=<type>] --add --stdin name
although I suspect we would also want to allow treating the varilabe
names as sensitive.
Thanks.
next prev parent reply other threads:[~2019-09-17 16:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-17 13:31 [PATCH 0/1] git-config --add allows values from stdin Zeger-Jan van de Weg
2019-09-17 13:31 ` [PATCH 1/1] Git config allows value setting " Zeger-Jan van de Weg
2019-09-17 16:59 ` Junio C Hamano [this message]
2019-09-22 3:11 ` [PATCH 0/1] git-config --add allows values " Taylor Blau
2019-09-23 9:46 ` Phillip Wood
2019-09-23 11:45 ` SZEDER Gábor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqy2ym97vk.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=git@zjvandeweg.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.