From: Jeff King <email@example.com>
To: Junio C Hamano <firstname.lastname@example.org>
Cc: Matthew John Cheetham via GitGitGadget <email@example.com>,
Matthew John Cheetham <firstname.lastname@example.org>
Subject: Re: [PATCH 1/3] wincred: ignore unknown lines (do not die)
Date: Thu, 22 Sep 2022 18:09:24 -0400 [thread overview]
Message-ID: <YyzdFBaiWgCJzMWX@coredump.intra.peff.net> (raw)
On Thu, Sep 22, 2022 at 02:19:43PM -0700, Junio C Hamano wrote:
> > It is the expectation that credential helpers be liberal in what they
> > accept and conservative in what they return, to allow for future growth
> > and evolution of the protocol/interaction.
> That is nice in principle, and the updated code below may work well
> with existing "other side of the connection" (codepaths in "git"
> that asks credential API to talk to the helpers), but I am not sure
> if this is always a safe thing to do.
> When we gain a new "command" in the protocol, if we just read it
> without understanding it, would we open ourselves to a risk of
> breaking the protocol communication, worst of which may be to
> deadlock? A new command, when received by a more recent helper that
> understands how to react to it, may _require_ it to write more than
> "username" and "password" back to "git" from get_credential(), for
> example, but the helper with this patch alone, while not complaining
> about seeing such a new and unknown command, would not know how to
> compute and write that third thing other than "username" and
> "password"---would the other side who issued that new command get
> stuck waiting for us to return the third thing? Worse yet, the new
> command may expect us to read further in get_credential()
> (e.g. maybe they will give us a challenge, which may need to be used
> when yielding the "username" and "password" things), but because we
> do not even know we need to read, their attempt to write to us may
> get them stuck, and that is when we are expecting to write to them,
> easily leading to a deadlock, no?
This open-endedness was an intentional part of the original
credential-helper design. Helpers are always "best effort", and it is OK
if they ignore a request, or return a partial result. If the sending
side really wants to extend the protocol in a way that the other side
doesn't act at all (say, they "username" to be used _only_ if the helper
also understands a new "foobar" key), then they should be adding the new
fields as an atomic unit. I.e., "foobar", "foobar-userame", and so on.
And then existing helpers which don't understand the new feature will
just ignore it totally.
In practice, I think it's not that big a deal either way, because the
setup of these helpers is under the control of the user. So if you
really want to use "foobar" but a helper doesn't support it, then you'd
just remove that helper from your config.
next prev parent reply other threads:[~2022-09-22 22:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-22 16:59 [PATCH 0/3] Correct credential helper discrepancies handling input Matthew John Cheetham via GitGitGadget
2022-09-22 16:59 ` [PATCH 1/3] wincred: ignore unknown lines (do not die) Matthew John Cheetham via GitGitGadget
2022-09-22 21:19 ` Junio C Hamano
2022-09-22 22:09 ` Jeff King [this message]
2022-09-22 16:59 ` [PATCH 2/3] netrc: " Matthew John Cheetham via GitGitGadget
2022-09-22 16:59 ` [PATCH 3/3] osxkeychain: clarify that we ignore unknown lines Matthew John Cheetham via GitGitGadget
2022-09-22 18:31 ` [PATCH 0/3] Correct credential helper discrepancies handling input Derrick Stolee
2022-09-22 22:11 ` Jeff King
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).