Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] approaching release 3.4

On Wed, Sep 17, 2014 at 10:56 AM, Matthias Sohn <matthias.sohn@xxxxxxxxx> wrote:

On Thu, Sep 4, 2014 at 5:30 PM, Luca Milanesio <luca.milanesio@xxxxxxxxx> wrote:
think there is a major regression that needs to be fixed (see [1]) as it potentially breaks any operation with credentials encoded in the Git URL.

Regression was introduced with the support of the .netrc (see [2]) without honouring the credentials (user:pass@host) encoded in the URL: as a result any existing Git connections using the credentials in this way would eventually break.
The fix should be easy (just use the password in the URIish if present) and would then restore the existing behaviour.

If we are going to release 3.4 without fixing this regression, we should warn the users in the release notes that any credential in the URL is not honoured anymore.

Luca.


filed https://bugs.eclipse.org/bugs/show_bug.cgi?id=444338 to track this problem
Will work on a fix now

I think JGit should not silently set a CredentialsProvider since applications using JGit should have
full control how to do authentication, I pushed https://git.eclipse.org/r/#/c/33510/  for review
to fix this regression.

--
Matthias

Back to the top