Topic on User talk:Martin Urbanec/Flow

4nn1l2 (talkcontribs)

Hi Martin Urbanec,

If I want to use HTTP credentials in Gerrit instead of SSH keys, is generating a new password the only solution when I want to push a commit? I ask this question because I can't find any settings using which to change my current password. My current password (which has been generated by the system automatically) is impossible to remember. So, I have to generate a single-use password every time, and I think this is not optimal.

Thanks

Martin Urbanec (talkcontribs)

@4nn1l2 Hello, using HTTPS to push commits is indeed not optimal :-). Doing a HTTPS push is less secure, because with HTTPS, the password needs to be exchanged with the server (while with SSH, it's only a matter of verifying signatures; there's nothing to leak).

It's possible to store the password locally in a .netrc file, see https://confluence.atlassian.com/bitbucketserver/permanently-authenticating-with-git-repositories-776639846.html for instructions, but note this is less secure than using a SSH key protected by a passphrase (if I have your .netrc file, I can do things on your behalf at Gerrit; if I have your encrypted SSH key, I first need to figure out the password [which is a matter of time, but still buys you some time, especially with a decent passphrase]).

HTH.

4nn1l2 (talkcontribs)

Thanks, I use SSH key myself.

Actually, I'm writing a help page for Farsi speakers (fa:راهنما:گیت) and I'm going to keep it as simple as possible. I hoped I could avoid SSH key and git-review, but they are covered now too.

By the way, I have read Gerrit/git-review#What happens when you submit a change, but still don't get it what the benefit of using git-review is besides filling in topic in Gerrit automatically.

Using git push origin HEAD:refs/for/master%topic=T292685 instead of git review -R is not difficult for me.

So my question is: does git-review make works easier on your part (i.e., sysadmins)?

Martin Urbanec (talkcontribs)

git review is a wrapper around native git commits (with some Gerrit-awareness; ie. it can construct correct commit for pulling a Gerrit patchset). The only thing we care about is a correct patch in Gerrit: the exact way how it gets there doesn't matter to us. So if using commands native to git is easier for you, no problem, and you can continue using them :).

Reply to "HTTP credentials"