this post was submitted on 24 Jan 2024
197 points (100.0% liked)

Open Source

823 readers
14 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

First, they restricted code search without logging in so I'm using sourcegraph But now, I cant even view discussions or wiki without logging in.

It was a nice run

you are viewing a single comment's thread
view the rest of the comments
[–] mozz@mbin.grits.dev 1 points 9 months ago* (last edited 9 months ago) (1 children)

Aha, I think we have arrived at the crux of the confusion.

As I said several times before, I'm extremely in favor of using API tokens that way, when they're being used from an automated workflow where the alternative is to store a password. That's an increase in security, yes.

What I'm irritated about is that my use of git as a command-line tool does not function to interact with github if I just give my github password. I do not have an automated workflow. I'm just using git from the command line, and would like to be able to type my password.

If this reduction in the security and convenience of my daily setup is because github believes, as you do apparently, that the only reason to use the command line is from an automated workflow, that may form a clue as to why they don't give a shit about my preferred workflow or my not wanting to introduce new attack vectors into it. Fair enough. But please don't lecture me on how not letting me just enter my password, and forcing me to store tokens for my interactive workflow, is better. Because for me, it isn't.

Glad we had this talk.

[–] ReversalHatchery 1 points 9 months ago (1 children)

Yes, it looks like it was me who was confused. I did not know that github does not accept anymore the password when using git, and you're right that this is unnecessary. Sorry that I was rude, me implying that you were confused really wasn't a friendly thing.

If you use git often, and this is in the way for you, I think it's possible to save it in the gitconfig, tough, if that's fine. I think git should be able to use the credential manager of mac's too if you use that, but maybe it needs a separate package installed for that to work.

[–] mozz@mbin.grits.dev 2 points 9 months ago* (last edited 9 months ago)

Hey it's all good. In seriousness I am glad we came to a point of understanding now.

And yeah, my API token I generated for the command line, I keep stored in my OSX keychain. It's all set at this point. I'm just irritated that I had to go through all that bollocks in the first place, and for no increase in security but actually a slight reduction, since my github password is not in the OSX keychain, but in a much-more-secure password manager and in my memory. And, that from time to time the whole issue rears its head again like it did yesterday.

Actually, holy shit - you just made me realize, as I was thinking on that "slight reduction in security" statement, that the pass"phrase" for my OSX keychain is one that I reused in other places on the internet, not one that I treat as "holy shit needs to be super-secure" like for my other password manager. Brb I am changing that right now.