[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] approaching release 3.4

Thanks Matthias, much appreciated :-)
As soon as JGit will be released will push a Gerrit patch for using it.

Kind Regards.

Luca.

On 21 Sep 2014, at 00:09, Matthias Sohn <matthias.sohn@xxxxxxxxx> wrote:

On Wed, Sep 17, 2014 at 10:56 AM, Matthias Sohn <matthias.sohn@xxxxxxxxx> wrote:

On Thu, Sep 4, 2014 at 5:30 PM, Luca Milanesio <luca.milanesio@xxxxxxxxx> wrote:
think there is a major regression that needs to be fixed (see [1]) as it potentially breaks any operation with credentials encoded in the Git URL.

Regression was introduced with the support of the .netrc (see [2]) without honouring the credentials (user:pass@host) encoded in the URL: as a result any existing Git connections using the credentials in this way would eventually break.
The fix should be easy (just use the password in the URIish if present) and would then restore the existing behaviour.

If we are going to release 3.4 without fixing this regression, we should warn the users in the release notes that any credential in the URL is not honoured anymore.

Luca.


filed https://bugs.eclipse.org/bugs/show_bug.cgi?id=444338 to track this problem
Will work on a fix now

I think JGit should not silently set a CredentialsProvider since applications using JGit should have
full control how to do authentication, I pushed https://git.eclipse.org/r/#/c/33510/  for review
to fix this regression.

--
Matthias