Re: [PATCH v1] send-email: provide whitelist of SMTP AUTH mechanisms

[Junio C Hamano <gitster@pobox.com>]

Eric Sunshine <sunshine@sunshineco.com> writes:

> What I was really asking was whether this sort of checking really
> belongs in git-send-email or if it is better left to Net::SMTP (and
> Authen::SASL) to do so since they are in better positions to know what
> is valid and what is not. If the Perl module(s) generate suitable
> diagnostics for bad input, then it makes sense to leave the checking
> to them. If not, then I can understand your motivation for
> git-send-email doing the checking instead in order to emit
> user-friendly diagnostics.
>
> So, that's what I meant when I asked 'What are the consequences of not
> limiting the input to this "approved" list?'.
>
> The other reason I asked was that it increases maintenance costs for
> us to maintain a list of "approved" mechanisms, since the list needs
> to be updated when new ones are implemented (and, as brian pointed
> out, some may already exist which are not in your list).

Both are very good points.  I do not think we should be limiting the
user input; instead, we (1) either let the Perl module emit proper
diagnosis (e.g. it may say "There is no valid auth method in the
list you gave me, which was 'PLIAN LOGIN CROM-MD5'") and do nothing,
or (2) catch the error from the Perl module and then guess what
happened after the fact (e.g. the module may say in its die() message
something that is understandable by the program but not by the user,
and "eval { ... module call ... }; if ($@) { ... HERE ... }" would
massage what it can learn in HERE from $@ into what the end user
would understand.  It may be that it is sufficient to have something
as simple as this:

	my $msg = "$@"
	if ($smtp_auth is used to customize) {
		$msg .= "\nYour customized <$smtp_auth> might be misspelt?"
	}
	die $msg;

in "HERE" above.

> ...
> Maybe. This leads back to my original question of whether it's really
> git-send-email's responsibility to do validation or if that can be
> left to Net::SMTP/Authen::SASL. If the Perl module(s) emit suitable
> diagnostics for bad input, then validation can be omitted from
> git-send-email.

Yes, exactly.  What happens if we go the route of doing nothing
here?  What are the horrible diagnostic message the end user would
not understand?