mercurial hg-git cannot push to github

Manuel Jacob me at manueljacob.de
Thu Nov 21 06:14:17 UTC 2019


On 2019-11-21 05:22, Paul Jackson wrote:
> Manuel wrote:
>>> After applying the patch series, you should be able to push to a Git
>>> repository when including username and password in the URL
> 
> Three related questions that perhaps you could answer more easily
> from your prior knowledge, than I could answer by having to test 
> things:
> 
> 1) Should I also expect, after applying this patch series, that I can
>     push changes in my local hg-git repository back up to its origin
>     on github, by << having my github username/password in my ~/.hgrc
>     file >> ?
> 
> 2) Or are these equivalent - meaning does having my github username/
>     password in ~/.hgrc file _cause_ that username and password to be
>    automatically embedded in the github URL to which such an hg push
>     will attempt to connect, when pushing back up to github?

I’m not sure which exact way of setting the username/password in your 
.hgrc you are referring to.  But I can say that setting anything in the 
[auth] section will not have any effect.

The URL you used for the push can be saved as a default in your .hgrc. 
See the bottom of https://www.mercurial-scm.org/repo/hg/help/urls for 
more information.

> 3) Is having my github username and password embedded in the URL
>     when pushing back up to github woefully insecure ?  Does it expose
>     my github password in plain text to any one able to lurk on the
>     connection being setup between my local system and github?

If HTTPS is used, the HTTP requests (including the URL) are encrypted. 
So unless there’s a bug in TLS, eavesdroppers of the connection should 
not be able to read the password.

Another question if whether the client and server itself handle the URL 
(including the password) in a secure way.  If implemented insecurely, 
e.g. a web server could write the URL to an access log file without 
properly masking out the password.



More information about the Mercurial mailing list