diff options
Diffstat (limited to 'Documentation/config/transfer.txt')
-rw-r--r-- | Documentation/config/transfer.txt | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/Documentation/config/transfer.txt b/Documentation/config/transfer.txt index c3ac767d1e..f1ce50f4a6 100644 --- a/Documentation/config/transfer.txt +++ b/Documentation/config/transfer.txt @@ -7,7 +7,7 @@ transfer.credentialsInUrl:: and any other direct use of the configured URL. + Note that this is currently limited to detecting credentials in -`remote.<name>.url` configuration, it won't detect credentials in +`remote.<name>.url` configuration; it won't detect credentials in `remote.<name>.pushurl` configuration. + You might want to enable this to prevent inadvertent credentials @@ -21,12 +21,12 @@ exposure, e.g. because: system. * The git programs will pass the full URL to one another as arguments on the command-line, meaning the credentials will be exposed to other - users on OS's or systems that allow other users to see the full + unprivileged users on systems that allow them to see the full process list of other users. On linux the "hidepid" setting documented in procfs(5) allows for configuring this behavior. + If such concerns don't apply to you then you probably don't need to be -concerned about credentials exposure due to storing that sensitive +concerned about credentials exposure due to storing sensitive data in git's configuration files. If you do want to use this, set `transfer.credentialsInUrl` to one of these values: + @@ -121,3 +121,7 @@ transfer.bundleURI:: information from the remote server (if advertised) and download bundles before continuing the clone through the Git protocol. Defaults to `false`. + +transfer.advertiseObjectInfo:: + When `true`, the `object-info` capability is advertised by + servers. Defaults to false. |