[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.

Michael Adam obnox at samba.org
Mon Nov 5 13:43:52 MST 2012


Hi Andreas,

On 2012-11-05 at 18:23 +0100, Andreas Schneider wrote:
> On Monday 05 November 2012 08:02:47 Michael Adam wrote:
> > I agree with Andrew: the patch certainly does not harm, but
> > it might create a false sense of safety for specifying passwords
> > on the command line. We should not recommend that for production use.
> > So I am not quite certain what the patch is supposed to achieve.
> > Could you explain?
> 
> you read my initial mail of this thread, did you?

Sorry, I did not, it escaped my attention.

I think these git send-email patches are very confusing.

I personally prefer "git format-patch --stdout LAST^..FIRST > patchset.mbox"
and attach that file as attachment to a mail with an overall
explanation. This is much easier to grasp than 11 separate mails
for a patchset of 10 patches that form a unit. Just my 2 cents...  :-)

> It creates 99% more safety than before.

I still think that there is no real safety in these patches, but
99% more niceness for the carless commandline user.

As such, it is ok and good to have.

One comment on the patchset, on the burn function to be precise:
What happens if the user specifies -U / --user more than once on
the cmdline? Am I reading the code correctly in that it only
burns the first occurrence?

Cheers - Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121105/a02f9e7a/attachment.pgp>


More information about the samba-technical mailing list