Re: replacement git-cl

[Graham Percival]

On Mon, Sep 26, 2011 at 09:31:08PM -0600, Colin Campbell wrote:
> >As an aside, I've moved the stored credentials (if somebody is
> >compfortable with plaintext in their home directory) to
> >~/.lilypond-project-hosting-login
> 
> An additional precaution, besides hiding the file with the dot
> prefix, would be chmod 0700 .lilypond-project-hosting-login to
> restrict access to the owner only.

chmod 0600 , but yes.

I've been influenced by ESR's design notes on fetchmail:
http://www.fetchmail.info/esrs-design-notes.html
in particular the "why i will never add password encryption in
.fetchmailrc":
  The reason there's no facility to store passwords encrypted in
  the .fetchmailrc file is because this doesn't actually add
  protection.

  Anyone who's acquired the 0600 permissions needed to read your
  .fetchmailrc file will be able to run fetchmail as you anyway --
  and if it's your password they're after, they'd be able to rip
  the necessary decoder out of the fetchmail code itself to get it.

  All .fetchmailrc encryption would do is give a false sense of
  security to people who don't think very hard.


That said, I recognize that it's much easier to snarf a password
from a dotfile than it is to sneak a custom-hacked fetchmail onto
somebody's computer.  I actually keep all my personal dot-files
(including fetchmail) on a separate sd card which I mount+unmount,
precisely to lower the chance of anything bad happening if
somebody else gets access to my university desktop computer.
So I'd be the last person to throw stones at others for being too
paranoid!  :)

Cheers,
- Graham