Re: The imporantance of including http credential caching in 1.7.7

[Michael J Gruber <git@drmicha.warpmail.net>]

Kyle Neath venit, vidit, dixit 07.09.2011 22:14:
> Junio C Hamano <gitster@pobox.com> wrote:
>> If this were a new, insignificant, and obscure feature in a piece of
>> software with mere 20k users, it may be OK to release a new version with
>> the feature in an uncooked shape.
> 
> For the sake of my paycheck, I should certainly hope not! I'm not at all
> suggesting we merge what we have in. However, I do think this feature is
> important enough to delay the release. I trust in the judgement of the core
> members to know when something is ready for inclusion in master.
> 
> Michael J Gruber <git@drmicha.warpmail.net> wrote:
>> So, it's been a year or more that you've been aware of the importance of
>> this issue (from your/github's perspective), and we hear about it now,
>> at the end of the rc phase.
> 
> I apologize if it sounds like that. I've been discussing this situation with
> many people (including Jeff King) for a very long time now, and it was my
> understanding that the credential caching was done and simply waiting for a
> new release. This is the first I've heard that it will not be included in
> 1.7.7, so I'm voicing my opinion now. Admittedly, late in the game - and I
> apologize for that.

OK, I've calmed down :)

> I'd be happy to help in any capacity I can. Unfortunately I'm no C hacker, and
> I've accepted that as a character flaw (it's something I'm working on). I'm
> afraid I can't be of much help with the actual code. What I can provide is an
> alternate viewpoint to the core team. A viewpoint of someone who's spent 3
> years trying to make git easier for newcomers.

It would be interesting to know what we can rely on in the user group
you're thinking about (which I called ssh-challenged). Setting up ssh
keys is too complicated. Can we require a working gpg setup? They do
want to check sigs, don't they?

What I have in mind is a very simple, but secure version of Jeff's
credential-store, respectively his example, somewhat like:

---%<---
STORAGE=$HOME/.credentials

for i in "$@"; do
	case "$i" in
	--unique=*)
		unique=${i#--unique=} ;;
	esac
done

key=$(git config get credential.gpgkey) # or error out

if ! test -e "$STORAGE/$unique"; then
	mkdir -m 0700 "$STORAGE"
	git credential-getpass "$@" | gpg -ear $key >"$STORAGE/$unique"
fi

gpg <"$STORAGE/$unique"
---%<---

Or that in C, probably using Junio's gpg-lib. That would be secure and
useful *if* we can rely on people having a convenient gpg setup
(gpg-agent or such).

So: What credential store/password wallet/etc. can we rely on for this
group? Is gpg fair game?

Michael