Patrick Steinhardt <ps@xxxxxx> writes: > Yup. I think safe credential helpers should rather be moved into our > official tree. This includes at least libsecret and osxkeychain. Yes. s|^contrib/|| should be sufficient for them. > I'm not > sure about the netrc one though -- it's unsafe by nature, and I'm not > sure I would feel comfortable with shipping such a credential helper > that is known-unsafe. That depends. It is a known-convenient helper that can often be used in an unsafe way, but when used with GPG encrypted netrc files, especially on a single user box that is reasonably secured, it is unfair to call it known-unsafe, I would have to say. Thanks.
