Re: [git-users] it's not safe to set password wtih git config, can we not set it,
On Sat, 19 Jan 2013 00:37:20 +0800 lei yang yanglei.f...@gmail.com wrote: git config --global sendemail.smtppass this will display password in .git config can we avoid this ? Yes, do not keep passwords in your configuration files. --
Re: [git-users] it's not safe to set password wtih git config, can we not set it,
On Sat, Jan 19, 2013 at 1:00 AM, Konstantin Khomoutov flatw...@users.sourceforge.net wrote: On Sat, 19 Jan 2013 00:37:20 +0800 lei yang yanglei.f...@gmail.com wrote: git config --global sendemail.smtppass this will display password in .git config can we avoid this ? Yes, do not keep passwords in your configuration files. but if we don't put it in the configuration file, it will let me input it, that's not a easy life, how do you do that Lei --
Re: [git-users] it's not safe to set password wtih git config, can we not set it,
On Sat, 19 Jan 2013 01:08:47 +0800 lei yang yanglei.f...@gmail.com wrote: git config --global sendemail.smtppass this will display password in .git config can we avoid this ? Yes, do not keep passwords in your configuration files. but if we don't put it in the configuration file, it will let me input it, that's not a easy life, how do you do that Okay, the only (partial) solution to this sort of problems is to have such a password cached in a so-called authentication agent (ssh-agent from the SSH suite which caches your decrypted private keys is a good example) or in the so-called keyring which is provided by certain OS/DEs; in ether case the facility which provides such a caching typically asks for the password the first time it's needed and then keeps it in memory for the end of the user's login session. I do not think this is supported for the indicated setting though. I only saw certain work done on supporting keyrings for HTTP[S] authentication, so you could ask on the main Git list about whether using keyring for the SMTP password is available/planned. Also I was able to google something which might provide a solution -- a program [1] which is able to cache SMTP authentication info in the GNOME keyring for usage with msmtp. IIRC, msmtp can be configured to be the MSP for `git send-email`, so you could probably try to roll this solution, if you're using GNOME. 1. https://github.com/ervandew/keyring --
Re: [git-users] it's not safe to set password wtih git config, can we not set it,
On Fri, 18 Jan 2013 12:18:00 -0500 wor...@alum.mit.edu (Dale R. Worley) wrote: From: lei yang yanglei.f...@gmail.com git config --global sendemail.smtppass this will display password in .git config can we avoid this ? The value is in a configuration file which the user can read. If you modify the git code, you can prevent git config from printing it, but you can't stop the user from looking in the file. Note that --global means storing the password in ~/.gitconfig, which I doubt is world-readable, and even if it is, disabling this is just a matter of running `chmod o- ~/.gitconfig`. --
