[bitbake-devel] [PATCH] fetch2/wget: add Basic Auth from netrc to checkstatus()
Matthew McClintock
msm-oss at mcclintock.net
Sat Dec 17 09:42:29 UTC 2016
On Fri, Dec 16, 2016 at 5:59 PM, Mark Hatle <mark.hatle at windriver.com> wrote:
> There was a recent change to wget that allows it to do an 'ASKPASS' when it
> needs credentials.
>
> This is how we handle that at Wind River. We define a WGET_ASKPASS program that
> knows how to answer the credential questions [or prompt the user outside of the
> build system, i.e. via gnome].
This is somewhat tangential to the patch above though? You could still do both.
> (Passing anything on the command line, or even via .netrc is really dangerous.
> The command line due to 'ps' leakage on a multi-user system, and .netrc as the
> credentials are stored in plain text.)
I'm confused how is .netrc dangerous in this regard? The python
library actually won't use netrc if the permissions on the file are
wrong but I'm not aware of how there is leakage here? Maybe you're
just warning against parsing and adding to the command line?
-M
More information about the bitbake-devel
mailing list