[PATCH 4 of 4] keyring: add new extension keyring

Marcin Kasperski Marcin.Kasperski at mekk.waw.pl
Thu Sep 20 17:22:15 CDT 2012


>>    1. Patch Mercurial core so password management can be plugged in
>>    without monkeypatching (and plugin gets some necessary info - which
>>    password, for which user (if set), was the password wrong…)
>
> So you think the hooks I added to the http modules are not enough?

My feeling is that it is not quite “the place”. Even now, Mercurial
also may prompt for email password. I am not sure about extensions but
likely some also do need one password or another. So it would be nicer
to have single API for password management than http module hook.

Also, if Mercurial is to be modified, it really could generate explicit
notification that the password is bad.

After all, if somebody provides – say – extension for reading passwords
from smartcard, or from QRcodes, or some obscure crypto device, or maybe
just for prompting for password with some specific GUI window, he or she
should not (a) need to independently locate all hooks/places where
Mercurial must be modified and (b) reimplement the logic of detecting
bad password.

Just my opinion. Beware that I have limited knowledge of Mercurial
internals and feel free to correct my wrong assumptions.



More information about the Mercurial-devel mailing list