On Tue, May 13, 2025 at 12:13:30AM +0000, brian m. carlson wrote: > On 2025-05-12 at 13:50:17, Jeff King wrote: > > On Tue, May 06, 2025 at 07:40:39AM +0200, Patrick Steinhardt wrote: > > > > > Other than that we also have some bits and pieces that _are_ actively > > > maintained, but that just don't have a better place to live: > > > > > > [...] > > > - Diff-highlight. > > > - git-jump. > > > > These two are due to me. I don't have a problem moving them into their > > own projects if we want to clean out contrib. > > > > I think diff-highlight is something that _should_ eventually happen > > inside git-diff itself (because it would be more efficient and we could > > do a better job). But it wouldn't share any implementation with what's > > in contrib/. > > I think there are definitely users of diff-highlight. I remember seeing > a reference to it recently and not realizing it was in contrib, but it > is actually used by others. I don't use it myself, though. Yup, diff-highlight is something I see recommended quite often. > > > - Credential helpers. > > > > These ones are tricky. In theory they could be spun off into their own > > projects, and we already have examples in the wild of things like GCM > > which are maintained totally separately. > > > > But I think we may need to find people to step up as maintainers. In > > particular, I think osxkeychain is probably used by a lot of people, and > > probably shouldn't just go away. But I don't know how the maintainer > > would be. I wrote it originally, but don't (and never did) use it > > myself, or even have access to a macOS machine. > > These are often shipped by distributors. Apple ships osxkeychain, as > does Homebrew. Many Linux distros ship libsecret and it's the > recommended choice for desktop Linux. > > wincred, while not super popular, is still used and is smaller and > lighter than GCM. It doesn't actually look like GCM is seeing a great > deal of maintenance either at this point, so I'd say they're about > equally well maintained. Since I don't use Windows, I don't know if > there are other usecases (such as noninteractive uses) that are better > supported by wincred, but I'd recommend keeping it. > > I definitely want us to keep these somewhere since they are quite > commonly used (even wincred) and getting rid of them will break a lot of > people and leave them without a secure credential storage option. We > could promote them to the main repository and simply build them with a > Makefile knob (or by default on the appropriate platform) and in CI, in > which case we'd at least know they build. > > I'm not volunteering to be _the_ maintainer for libsecret, but I will > definitely contribute to making it work since I use it. This is much > like I am not _the_ maintainer for making Git work with Kerberos, but I > do certainly often fix it should it break. Yup. I think safe credential helpers should rather be moved into our official tree. This includes at least libsecret and osxkeychain. I'm not sure about the netrc one though -- it's unsafe by nature, and I'm not sure I would feel comfortable with shipping such a credential helper that is known-unsafe. Patrick
