-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't recommend leaking tokens into the console history #10458
Conversation
r? @ehuss (rust-highfive has picked a reviewer for you, use r? to override) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems reasonable to me.
src/doc/src/reference/publishing.md
Outdated
$ cargo login | ||
``` | ||
|
||
Then at the propt put in the token specified. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then at the propt put in the token specified. | |
Then at the prompt put in the token specified. | |
I'm not sure what's up with the CI failure. I haven't seen |
Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>
@bors r=ehuss |
📌 Commit 3e71691 has been approved by |
☀️ Test successful - checks-actions |
Update cargo 11 commits in 3d6970d50e30e797b8e26b2b9b1bdf92dc381f34..65c82664263feddc5fe2d424be0993c28d46377a 2022-02-28 19:29:07 +0000 to 2022-03-09 02:32:56 +0000 - Remove remaining 2 warn(clippy::*) instances (rust-lang/cargo#10438) - Use `available_parallelism` instead of `num_cpus` (rust-lang/cargo#10427) - Wait up to one second while waiting for curl (rust-lang/cargo#10456) - Improve code coverage (rust-lang/cargo#10460) - Don't recommend leaking tokens into the console history (rust-lang/cargo#10458) - fix some typos (rust-lang/cargo#10454) - Use `extend` instead of `push`ing in a loop (rust-lang/cargo#10453) - Use locked_version more (rust-lang/cargo#10449) - Disable dependabot (rust-lang/cargo#10443) - Update git2 dependencies (rust-lang/cargo#10442) - Stop gating stable features (rust-lang/cargo#10434)
Update cargo 11 commits in 3d6970d50e30e797b8e26b2b9b1bdf92dc381f34..65c82664263feddc5fe2d424be0993c28d46377a 2022-02-28 19:29:07 +0000 to 2022-03-09 02:32:56 +0000 - Remove remaining 2 warn(clippy::*) instances (rust-lang/cargo#10438) - Use `available_parallelism` instead of `num_cpus` (rust-lang/cargo#10427) - Wait up to one second while waiting for curl (rust-lang/cargo#10456) - Improve code coverage (rust-lang/cargo#10460) - Don't recommend leaking tokens into the console history (rust-lang/cargo#10458) - fix some typos (rust-lang/cargo#10454) - Use `extend` instead of `push`ing in a loop (rust-lang/cargo#10453) - Use locked_version more (rust-lang/cargo#10449) - Disable dependabot (rust-lang/cargo#10443) - Update git2 dependencies (rust-lang/cargo#10442) - Stop gating stable features (rust-lang/cargo#10434)
Passing a secret on the command line leeks it into the history witch is available to other applications on the same system.
Removing the functionality is a braking change, a big ask. But it is not hard to change the docs to not recommend using
cargo login
that way.cc: