'Re: What's cooking in git.git (Jul 2009, #01; Mon, 06)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       git
Subject:    Re: What's cooking in git.git (Jul 2009, #01; Mon, 06)
From:       Jeff King <peff () peff ! net>
Date:       2009-07-07 21:11:09
Message-ID: 20090707211109.GA1922 () coredump ! intra ! peff ! net
[Download RAW message or body]

On Mon, Jul 06, 2009 at 10:18:03PM -0400, Mark Lodato wrote:

> > * ml/http (Wed May 27 23:16:03 2009 -0400) 2 commits
> >  - http.c: add http.sslCertPasswordProtected option
> >  - http.c: prompt for SSL client certificate password
> [...]
> 
> Sorry for the lack of updates.  After hearing feedback, the consensus
> seemed to be that detection of the certificate's encryption (above)
> and file type (other patch, not in git.git) should be done
> automatically, that is, without user configuration.  I agree, but
> neither can be done without great difficulty outside of libcurl.
> Therefore, I have started implement the autodetection of both, as well
> as the password caching, directly in libcurl.  If my work, once
> completed, is accepted by the libcurl folks, then there would be no
> need for the above, and we should recommend upgrading libcurl for
> those who want to use client-side certificates.
> 
> However, in the interim, and for users with earlier libcurl versions
> (and especially if my libcurl patch is never accepted), it might be
> nice to still have the above commits.  They are unobtrusive - the
> patches are small, and they do not affect users who do not enable the
> option - yet they drastically improve the experience for those using
> password-protected client-side certificates.

Yes, even if you get patches into libcurl, we will be supporting libcurl
without this feature for some time. So I think the right upgrade path
is:

  1. add sslCertPasswordProtected as a bool config option now, defaulting
     to false (i.e., your patches)

  2. libcurl grows new auto-detect feature

  3. When the new feature is available at build-time, turn
     sslCertPasswordProtected into a tri-state yes/no/auto, defaulting to
     "auto". For older libcurl, setting it to "auto" should probably
     generate an error (or perhaps simply default to "no").

IOW, whether the libcurl auto-detection feature happens or not, your
patches are the right first step (and if "not", then they are the final
step :) ).

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic