Re: [cross-project-issues-dev] Problem with Git HTTP Authentication in Neon.1

While I was writing this, David also opened bug https://bugs.eclipse.org/bugs/show_bug.cgi?id=502937 in parallel, suggesting another way to do a minimal update.

> -----Original Message-----
> From: technology-pmc-bounces@xxxxxxxxxxx [mailto:technology-pmc-
> bounces@xxxxxxxxxxx] On Behalf Of Carsten Reckord
> Sent: Friday, September 30, 2016 8:08 PM
> To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>;
> technology-pmc@xxxxxxxxxxx
> Cc: mpc-dev@xxxxxxxxxxx
> Subject: [technology-pmc] Problem with Git HTTP Authentication in Neon.1
> 
> Everybody,
> 
> Unfortunately, we have found an issue in Neon.1 that breaks EGit's HTTP
> Basic Auth support. If users try to check out a repository via HTTP that
> requires authentication, they will get a wrong password dialog from
> Eclipse UI instead of EGit's own, and even if they enter the correct
> credentials here, the operation will ultimately fail.
> 
> The problem was introduced by MPC's version in Neon.1, which tried to work
> around problems caused by EGit's replacement of the global
> java.net.Authenticator. Details can be found on bug
> http://eclip.se/501000. A new version of MPC that disables the problematic
> behavior is available[1], but the question is how to proceed in rolling
> out this fix.
> 
> I see several options on how to proceed and would like to ask for your
> opinion:
> 
> 1) Just communicate the issue and provide instructions for the user to fix
> it
> 
> Instructions would be to install the MPC update manually, either from the
> update site via "Install New Software...", or via MPC itself. We could
> probably use the Error Reporter to inform users of the fix.
> 
> This is definitely the easiest to do. But given the impression this bug
> might make on users, the question is if it is enough.
> 
> 2) Ask for a full respin / Neon.1a release
> 
> This is clearly on the other end of the spectrum as the most heavyweight
> solution, but would ensure that all future downloads have the fix and all
> existing installations get it via automatic updates.
> 
> 3) Provide the fix as an addition to the Neon simrel composite
> 
> This would be sort of a middle ground that has come up in the discussion
> on http://eclip.se/501000. Instead of doing a full respin, we could add a
> minimal repository with the fix to the Neon simrel composite. This would
> make the fix available as an automated update to existing users, and Ed
> would make sure that installations via the Eclipse Installer would include
> the fix from the start. This would just leave the package archive
> downloads, which would only receive the fix with their next automatic
> update.
> 
> Due to the impact on the user community and the impression we make here, I
> think this is severe enough to warrant option 2, but I'd really like to
> hear your opinions. I'm sorry that I didn't catch this in time for the
> release and for any extra work it causes now.
> 
> Yours,
> Carsten
> 
> [1] http://download.eclipse.org/mpc/releases/1.5.1a