Re: Https password present in git output

[ervion <ervion@cryptolab.net>]

I completely agree that it is not a head-on-fire kind of problem, there 
are ways to avoid it.
Simply nice to have.

It is in fact the case, that git fetch output is scrubbed, sorry I did 
not notice previously.
But (on my device: git version 2.9.0 arch linux) git push is not.
$ git push origin --all

Results in:
/---/
To https://username:password@domeen.com/git/repo.git
    xxxxxxx..zzzzzzz  master -> master

On 13.07.2016 21:16, Junio C Hamano wrote:
> On Wed, Jul 13, 2016 at 11:09 AM, Junio C Hamano <gitster@pobox.com> 
> wrote:
>> ervion <ervion@cryptolab.net> writes:
>> 
>>> Sometimes using ssh is not possible and saving https password in 
>>> plain
>>> text to disk may be desireable
>>> (in case of encrypted disk it would be equivalent security with
>>> caching password in memory).
>>> 
>>> One possibility for this in git is to save remote in the
>>> https://username:password@domain.com/repo.git format.
>> 
>> Wasn't netrc support added exactly because users do not want to do
>> this?
> 
> Interesting. Even with "auth in URL", I seem to get this:
> 
> $ git fetch -v -v https://gitster:pass@github.com/git/git  
> refs/tags/v2.9.1
> From https://github.com/git/git
>  * tag               v2.9.1     -> FETCH_HEAD
> 
> Notice that "From $URL" has the userinfo (3.2.1 in RFC 3986) scrubbed.
> 
> If you are seeing somewhere we forgot to scrub userinfo in a similar 
> way in
> the output, we should. Where do you see "present in git OUTPUT" as you
> said in the subject? What command with what options exactly and in what
> part of the output?
> 
> Thanks.