GitHub -> GitLab transition

This forum is reserved for everything you want to talk about. It could be about programming, opinions, open source programs, development in general, or just cool stuff to share!
Post Reply
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

GitHub -> GitLab transition

Post by ONEEYEMAN »

Hi,
Does anyone performed such transition?
With GitHub moving to some auto-generated passwords which they want to call "token" (why - I don't know), I want to move away from those guys.

The best closest is GitLab.

So - does anyone here perform such transition?
Is GitLab has the same interface as GitHub?

Thank you for any pointers.

P.S.: Apologies if this doesn't belong in this sub-forum.

Moderator: Well, it clearly had nothing to do with C++ wxWidgets classes, which is what C++ Development, where you created it, is for; nor with Compiling, nor Platform-related, or...
Perhaps in the future you might find the index.php sub-forum descriptions helpful.

Thank you.
Last edited by DavidHart on Thu May 06, 2021 5:43 pm, edited 1 time in total.
Reason: Suggestion of how to decide which subforum is best for future topics.
utelle
Moderator
Moderator
Posts: 1046
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: GitHub -> GitLab transition

Post by utelle »

ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm Does anyone performed such transition?
I work with both, GitHub and GitLab. I use GitHub for my Open Source projects and GitLab for some commercial projects (collaboration with the customers). And to be frank, I don't intend to move my personal projects to GitLab. So, I don't have actual experience with transitions. However, both systems are very similar regarding features and transfering a git repository from one system to the other should not be a big deal.
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm With GitHub moving to some auto-generated passwords which they want to call "token" (why - I don't know), I want to move away from those guys.
As far as I can tell GitHub only retired authentication via basic authentication. And this is a good decision, because basic authentication means that user id and password are transferred as plain text to the server - really not good in respect to security. In addition to personal tokens you can also use SSH keys or GPG keys for authentication. So, GitHub's decision to drop support for basic authentication seems not to be a valid argument to move away from GitHub.
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm The best closest is GitLab.
If you need support for basic authentication, GitLab is probably not an alternative, because they, too, require personal access tokens or other means (like SSH or GPG keys) for authentication. (see GitLab Authentication)
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm Is GitLab has the same interface as GitHub?
GitLab's interface is not identical to GitHub's, but quite similar.
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Re: GitHub -> GitLab transition

Post by ONEEYEMAN »

Hi, Ulrich,
utelle wrote: Fri May 07, 2021 1:09 pm
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm Does anyone performed such transition?
I work with both, GitHub and GitLab. I use GitHub for my Open Source projects and GitLab for some commercial projects (collaboration with the customers). And to be frank, I don't intend to move my personal projects to GitLab. So, I don't have actual experience with transitions. However, both systems are very similar regarding features and transfering a git repository from one system to the other should not be a big deal.
Yes, I get that.
After all, they are both git-based. ;-)
utelle wrote: Fri May 07, 2021 1:09 pm
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm With GitHub moving to some auto-generated passwords which they want to call "token" (why - I don't know), I want to move away from those guys.
As far as I can tell GitHub only retired authentication via basic authentication. And this is a good decision, because basic authentication means that user id and password are transferred as plain text to the server - really not good in respect to security. In addition to personal tokens you can also use SSH keys or GPG keys for authentication. So, GitHub's decision to drop support for basic authentication seems not to be a valid argument to move away from GitHub.
You understanding is correct. However, what they do instead is very weird.
What they offer should not be called "token".
"Token" is something that is generated every time someone wants to login to the site/service. As an example - take a look at the AxiadID mobile application (this is what my company isusing to authenticate).
So what happen is I open the home page, give my user id/password, then I enter my PIN, and then on my phone I receive a notification from this app.
I then open it, and long press a green button. The app generates a login token which is sent to my company website and I have a successful login.

So all in all "token" is something that is generated every time someone is trying to login.
However, this is not the case here with GitHub.
What they are trying to offer is some kind of autogenerated password/passphrase which will give me an authentication to the GitHub service.
Now all this ios good -but no one in their right mind will be able to remember a bunch of nonsense. So people will need a way to store those auto generated passwords somewhere locally, so that when the git is trying to login thse credentials will be picked up and sent to their servers.
Even if I want to authenticate with the SSH or GPG keys I need to store them somewhere.

Also, my understanding is that only "PAT" will be supported as a password replacements for a free account on GitHub. Everything else is for a paid account. I maybe wrong here though.

And so now here comes a big issue - how do I store all this - on my machines running all Windows, *nix (GNOME/KDE) and Mac, so that when I want to login to pull/push those credentials will be automatically picked up and I won't need to type them?

With the passwords, I was able to work on Windows by typing it on every "git push". That passowrd was saved somewhere in git configuration on my GNOME machine. On KDE I had to enter it, because apparently KWallet was incompatible with git and so was on Mac.
utelle wrote: Fri May 07, 2021 1:09 pm
ONEEYEMAN wrote: Thu May 06, 2021 5:26 pm The best closest is GitLab.
If you need support for basic authentication, GitLab is probably not an alternative, because they, too, require personal access tokens or other means (like SSH or GPG keys) for authentication. (see GitLab Authentication)
OK.
Now I understand that security is a big concern - we do live in XXI century where people are stealing PII.
And especially so, since many people have their passwords re-usable.

But calling it PAT when in fact it is just another form of password (see above) - is just weird or plain wrong/ugly.

And moreover - not providing a way to save this "auto-generated passwords" is not a nice.

Thank you.
utelle
Moderator
Moderator
Posts: 1046
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: GitHub -> GitLab transition

Post by utelle »

ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm You understanding is correct. However, what they do instead is very weird.
What they offer should not be called "token".
"Token" is something that is generated every time someone wants to login to the site/service.
No, this is not correct. In general, a token is simply an object that represents something else, such as another object or an abstract concept. In computers, there are a number of types of tokens. The token type you describe is a "One-Time Password token" (OTP token in short).
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm As an example - take a look at the AxiadID mobile application (this is what my company isusing to authenticate).
So what happen is I open the home page, give my user id/password, then I enter my PIN, and then on my phone I receive a notification from this app.
I then open it, and long press a green button. The app generates a login token which is sent to my company website and I have a successful login.
For login to the GitHub web interface you can still use user id and password - and this will not be replaced by the "personal access token" if I understood it correctly. Additionally, you can activate 2FA, so that you have a similar procedure as you described above.

The "personal access token" serves a different purpose. You use it for automated access to GitHub via scripts or applications. The advantage over "user id + password" is that you can have more than one token with varying access rights. So it is less likely that your whole account is compromised, if someone gets access to your token.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm What they are trying to offer is some kind of autogenerated password/passphrase which will give me an authentication to the GitHub service.
Now all this ios good -but no one in their right mind will be able to remember a bunch of nonsense. So people will need a way to store those auto generated passwords somewhere locally, so that when the git is trying to login thse credentials will be picked up and sent to their servers.
Even if I want to authenticate with the SSH or GPG keys I need to store them somewhere.
Yes, you are right. Of course, the PAT has to be saved on the computer. For example, under Windows this can be done with the credential manager. The git client retrieves it from there, so that you don't have to enter it manually over and over again.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm Also, my understanding is that only "PAT" will be supported as a password replacements for a free account on GitHub. Everything else is for a paid account. I maybe wrong here though.
As far as I can tell this is not correct. PAT and OAuth are for automated tasks and do not replace user id+password for manual login. And for a free account you can activate 2FA, add SSH and GPG keys and so on. For example, I added a GPG key, so that I can sign my commits and they are displayed as "verified".
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm And so now here comes a big issue - how do I store all this - on my machines running all Windows, *nix (GNOME/KDE) and Mac, so that when I want to login to pull/push those credentials will be automatically picked up and I won't need to type them?
I agree this is a bit cumbersome, but after you have generated a PAT in your GitHub account, it will be visible on screen and you can copy&paste it into a file for transfer to another computer. On Windows you have the credential manager where the PAT can be stored. Other operating systems usually offer similar methods.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm With the passwords, I was able to work on Windows by typing it on every "git push". That passowrd was saved somewhere in git configuration on my GNOME machine. On KDE I had to enter it, because apparently KWallet was incompatible with git and so was on Mac.
On Windows I use the TortoiseGit client. I had to enter the PAT only once. It was then stored in the credential manager. Thereafter I didn't have to enter it again to perform push operations. On other systems it will depend on the used git client.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm Now I understand that security is a big concern - we do live in XXI century where people are stealing PII.
And especially so, since many people have their passwords re-usable.

But calling it PAT when in fact it is just another form of password (see above) - is just weird or plain wrong/ugly.
PAT is certainly not the best solution, but better (slightly more secure) than user id + password.

If you want to be on the safe side, use SSH keys, see connect to GitHub with SSH. You have to configure your git client to use the SSH protocol and your private SSH key.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm And moreover - not providing a way to save this "auto-generated passwords" is not a nice.
Well, on the GitHub web page where you generate the PAT there is a button to save the PAT to the clipboard, so that you can paste it for example to a file.

With SSH or GPG keys it's a bit different. You can export your public and/or private keys to a file for transferring them to a different computer and import them there.
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Re: GitHub -> GitLab transition

Post by ONEEYEMAN »

Ulrich,
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm You understanding is correct. However, what they do instead is very weird.
What they offer should not be called "token".
"Token" is something that is generated every time someone wants to login to the site/service.
No, this is not correct. In general, a token is simply an object that represents something else, such as another object or an abstract concept. In computers, there are a number of types of tokens. The token type you describe is a "One-Time Password token" (OTP token in short).
Hm, OK.
I always thought of a token as a one-time thing.
But maybe you are right and the meaning was changed (recently).
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm As an example - take a look at the AxiadID mobile application (this is what my company isusing to authenticate).
So what happen is I open the home page, give my user id/password, then I enter my PIN, and then on my phone I receive a notification from this app.
I then open it, and long press a green button. The app generates a login token which is sent to my company website and I have a successful login.
For login to the GitHub web interface you can still use user id and password - and this will not be replaced by the "personal access token" if I understood it correctly. Additionally, you can activate 2FA, so that you have a similar procedure as you described above.
Errr, what is "2FA?
utelle wrote: Fri May 07, 2021 9:04 pm The "personal access token" serves a different purpose. You use it for automated access to GitHub via scripts or applications. The advantage over "user id + password" is that you can have more than one token with varying access rights. So it is less likely that your whole account is compromised, if someone gets access to your token.
But that's the thing - I don't want an automated access. I don't use scripts? I don't use GitHub API.
I'm using the GitHub as a code storage and to transfer my commits between different machines (OSes).
I think this is what 90% of developers use GitHub for.

From reading their documentation it looks like MS wants to couple the GitHub service with the social media and wants to tighten the security.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm What they are trying to offer is some kind of autogenerated password/passphrase which will give me an authentication to the GitHub service.
Now all this ios good -but no one in their right mind will be able to remember a bunch of nonsense. So people will need a way to store those auto generated passwords somewhere locally, so that when the git is trying to login thse credentials will be picked up and sent to their servers.
Even if I want to authenticate with the SSH or GPG keys I need to store them somewhere.
Yes, you are right. Of course, the PAT has to be saved on the computer. For example, under Windows this can be done with the credential manager. The git client retrieves it from there, so that you don't have to enter it manually over and over again.
I'm really an old-school developer and do my work in the Git Bash.
I just type "git pull" or "git push" and expect that everything just works.
Now at this moment when I'm on Windows - after typing "git push" I don't have to type UserID/Password. But when I'm on Linux/GNOME or Linux/kDE - git is asking me for credentials.
And KWallet is not working - at least it didn't.
I'm rebuilding my KDE machine - so we will see.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm Also, my understanding is that only "PAT" will be supported as a password replacements for a free account on GitHub. Everything else is for a paid account. I maybe wrong here though.
As far as I can tell this is not correct. PAT and OAuth are for automated tasks and do not replace user id+password for manual login. And for a free account you can activate 2FA, add SSH and GPG keys and so on. For example, I added a GPG key, so that I can sign my commits and they are displayed as "verified".
I hope you are right. ;-)
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm And so now here comes a big issue - how do I store all this - on my machines running all Windows, *nix (GNOME/KDE) and Mac, so that when I want to login to pull/push those credentials will be automatically picked up and I won't need to type them?
I agree this is a bit cumbersome, but after you have generated a PAT in your GitHub account, it will be visible on screen and you can copy&paste it into a file for transfer to another computer. On Windows you have the credential manager where the PAT can be stored. Other operating systems usually offer similar methods.
How?
Does this credential manager available on Windows 8?
Ansd what about Linux/Mac?
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm With the passwords, I was able to work on Windows by typing it on every "git push". That passowrd was saved somewhere in git configuration on my GNOME machine. On KDE I had to enter it, because apparently KWallet was incompatible with git and so was on Mac.
On Windows I use the TortoiseGit client. I had to enter the PAT only once. It was then stored in the credential manager. Thereafter I didn't have to enter it again to perform push operations. On other systems it will depend on the used git client.
See above.
I just use "git" + "git Bash".
After the install I had to connect to GitHub for the first time to authenticate, but after that - it just worked.
And on Linux/Mac - I just use git from the Terminal - no GUI,.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm Now I understand that security is a big concern - we do live in XXI century where people are stealing PII.
And especially so, since many people have their passwords re-usable.

But calling it PAT when in fact it is just another form of password (see above) - is just weird or plain wrong/ugly.
PAT is certainly not the best solution, but better (slightly more secure) than user id + password.

If you want to be on the safe side, use SSH keys, see connect to GitHub with SSH. You have to configure your git client to use the SSH protocol and your private SSH key.
ONEEYEMAN wrote: Fri May 07, 2021 4:52 pm And moreover - not providing a way to save this "auto-generated passwords" is not a nice.
Well, on the GitHub web page where you generate the PAT there is a button to save the PAT to the clipboard, so that you can paste it for example to a file.

With SSH or GPG keys it's a bit different. You can export your public and/or private keys to a file for transferring them to a different computer and import them there.
Do you use GUI cvlient on non-Windows platform as well?

Thank you.
utelle
Moderator
Moderator
Posts: 1046
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: GitHub -> GitLab transition

Post by utelle »

ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm I always thought of a token as a one-time thing.
But maybe you are right and the meaning was changed (recently).
Well, for sure the meaning of the word "token" was not changed recently. In fact, it is a very generic word (see wikipedia).
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm
utelle wrote: Fri May 07, 2021 9:04 pm For login to the GitHub web interface you can still use user id and password - and this will not be replaced by the "personal access token" if I understood it correctly. Additionally, you can activate 2FA, so that you have a similar procedure as you described above.
Errr, what is "2FA?
2FA = 2 Factor Authentication - that is, in addition to user id and password you need an additional separate channel or gadget (for exchanging information) like an app on your smartphone you have in your posession.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm But that's the thing - I don't want an automated access. I don't use scripts? I don't use GitHub API.
I'm using the GitHub as a code storage and to transfer my commits between different machines (OSes).
I think this is what 90% of developers use GitHub for.
From GitHub's point of view you are "scripting" your git client, even if you do it from the command line in a git bash shell. And at least for push operations you have to authenticate yourself. GitHub (as well as GitLab) offers several methods for authentication. One of them is the PAT. Combined with HTTPS it is reasonably secure, even though the PAT is sent over basic authentication. However, using SSH is more secure.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm From reading their documentation it looks like MS wants to couple the GitHub service with the social media and wants to tighten the security.
Well, adding security is not a bad idea these days, but it comes at a price. For us, the users, it is usually rather cumbersome.

I have to admit that I didn't follow what MS plans in respect to GitHub and so-called "social media". Personally, I'm not interested in the latter and will try to avoid them - at least on GitHub.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm I'm really an old-school developer and do my work in the Git Bash.
I just type "git pull" or "git push" and expect that everything just works.
Well, you could call me a "dinosaur developer", too. For many operations I use Git Bash, but for some tasks (like for example inspecting logs) a GUI like TortoiseGit is more convenient.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm Now at this moment when I'm on Windows - after typing "git push" I don't have to type UserID/Password.
When you accessed your repository for the first time, you certainly had to enter your user id and password once, and git saved it - where, depends on how you configured git. On Windows the credentials are usually saved via the Windows credential manager.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm But when I'm on Linux/GNOME or Linux/kDE - git is asking me for credentials.
And KWallet is not working - at least it didn't.
I'm rebuilding my KDE machine - so we will see.
Usually this should only be a question of configuring git appropriately - see Git documentation.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm
utelle wrote: Fri May 07, 2021 9:04 pm I agree this is a bit cumbersome, but after you have generated a PAT in your GitHub account, it will be visible on screen and you can copy&paste it into a file for transfer to another computer. On Windows you have the credential manager where the PAT can be stored. Other operating systems usually offer similar methods.
How?
Does this credential manager available on Windows 8?
And what about Linux/Mac?
The credential manager was and is part of Windows - at least since Windows 7, but most likely already in earlier versions.

The Git documentation should give you pointers how to accomplish saving your credentials on the various platforms.
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm Do you use GUI client on non-Windows platform as well?
Yes, but less frequently than on Windows. git includes git-gui which for me is usually sufficient, but there are quite a few git GUI clients available. However, I can't recommend any in particular, because I do most of my development on Windows.
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Re: GitHub -> GitLab transition

Post by ONEEYEMAN »

Ulrich,
utelle wrote: Fri May 07, 2021 11:15 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm I always thought of a token as a one-time thing.
But maybe you are right and the meaning was changed (recently).
Well, for sure the meaning of the word "token" was not changed recently. In fact, it is a very generic word (see wikipedia).
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm
utelle wrote: Fri May 07, 2021 9:04 pm For login to the GitHub web interface you can still use user id and password - and this will not be replaced by the "personal access token" if I understood it correctly. Additionally, you can activate 2FA, so that you have a similar procedure as you described above.
Errr, what is "2FA?
2FA = 2 Factor Authentication - that is, in addition to user id and password you need an additional separate channel or gadget (for exchanging information) like an app on your smartphone you have in your posession.
Never heard such abbreviation before.
And I was in US Military Security School. ;-)
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm But that's the thing - I don't want an automated access. I don't use scripts? I don't use GitHub API.
I'm using the GitHub as a code storage and to transfer my commits between different machines (OSes).
I think this is what 90% of developers use GitHub for.
From GitHub's point of view you are "scripting" your git client, even if you do it from the command line in a git bash shell. And at least for push operations you have to authenticate yourself. GitHub (as well as GitLab) offers several methods for authentication. One of them is the PAT. Combined with HTTPS it is reasonably secure, even though the PAT is sent over basic authentication. However, using SSH is more secure.
OK.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm From reading their documentation it looks like MS wants to couple the GitHub service with the social media and wants to tighten the security.
Well, adding security is not a bad idea these days, but it comes at a price. For us, the users, it is usually rather cumbersome.

I have to admit that I didn't follow what MS plans in respect to GitHub and so-called "social media". Personally, I'm not interested in the latter and will try to avoid them - at least on GitHub.
Amen ;-)

utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm I'm really an old-school developer and do my work in the Git Bash.
I just type "git pull" or "git push" and expect that everything just works.
Well, you could call me a "dinosaur developer", too. For many operations I use Git Bash, but for some tasks (like for example inspecting logs) a GUI like TortoiseGit is more convenient.
No, dinosaur is too old for me. ;-)
Bt I agree that some operation is better on the GUI.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm Now at this moment when I'm on Windows - after typing "git push" I don't have to type UserID/Password.
When you accessed your repository for the first time, you certainly had to enter your user id and password once, and git saved it - where, depends on how you configured git. On Windows the credentials are usually saved via the Windows credential manager.
As I said - first time I had to login thru the web interface to authenticate.
And then yes - git saved it somewhere. Whether its a credential manager or not - I don't know.
Like I said - I have Windows 8.1 here.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm But when I'm on Linux/GNOME or Linux/kDE - git is asking me for credentials.
And KWallet is not working - at least it didn't.
I'm rebuilding my KDE machine - so we will see.
Usually this should only be a question of configuring git appropriately - see Git documentation.
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm How?
Does this credential manager available on Windows 8?
And what about Linux/Mac?
The credential manager was and is part of Windows - at least since Windows 7, but most likely already in earlier versions.

The Git documentation should give you pointers how to accomplish saving your credentials on the various platforms.
K, now it time for reading... ;-)
utelle wrote: Fri May 07, 2021 9:04 pm
ONEEYEMAN wrote: Fri May 07, 2021 9:31 pm Do you use GUI client on non-Windows platform as well?
Yes, but less frequently than on Windows. git includes git-gui which for me is usually sufficient, but there are quite a few git GUI clients available. However, I can't recommend any in particular, because I do most of my development on Windows.
utelle
Moderator
Moderator
Posts: 1046
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: GitHub -> GitLab transition

Post by utelle »

ONEEYEMAN wrote: Sat May 08, 2021 1:09 am
utelle wrote: Fri May 07, 2021 11:15 pm 2FA = 2 Factor Authentication - that is, in addition to user id and password you need an additional separate channel or gadget (for exchanging information) like an app on your smartphone you have in your posession.
Never heard such abbreviation before.
And I was in US Military Security School. ;-)
It is mentioned in the GitHub documentation about 2FA.
ONEEYEMAN wrote: Sat May 08, 2021 1:09 am No, dinosaur is too old for me. ;-)
Someone has to code for Jurassic Park. :wink:
ONEEYEMAN wrote: Sat May 08, 2021 1:09 am [...] - git saved it somewhere. Whether its a credential manager or not - I don't know.
Like I said - I have Windows 8.1 here.
Most likely, because it is the default used by git for Windows. You can check it by opening the Windows Credential Manager. Just enter "credentials" in the search field on the Windows taskbar and select the "Windows Credential Manager". It should then be listed under "Windows credentials -> Generic credentials".
ONEEYEMAN wrote: Sat May 08, 2021 1:09 am
utelle wrote: Fri May 07, 2021 9:04 pm The Git documentation should give you pointers how to accomplish saving your credentials on the various platforms.
K, now it time for reading... ;-)
That may be a way to solve the issue. :wink:
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Re: GitHub -> GitLab transition

Post by ONEEYEMAN »

Ulrich,
Thank you for providing the link to the documentation. It was helpful.
However, they don't talk about Linux.

They explain how to set this up in Windows and OSX, but not for **nix.

Any idea?

Thank you
utelle
Moderator
Moderator
Posts: 1046
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: GitHub -> GitLab transition

Post by utelle »

ONEEYEMAN wrote: Mon May 17, 2021 5:04 am Thank you for providing the link to the documentation. It was helpful.
However, they don't talk about Linux.
Well, the default case is Linux, for which git provides cache mode (probably not very helpful, because the cache is only used during a single session), and store mode (problematic, because user id and password are saved in a plain text file in clear text).
ONEEYEMAN wrote: Mon May 17, 2021 5:04 am They explain how to set this up in Windows and OSX, but not for **nix.

Any idea?
Maybe the following blog post helps: https://www.softwaredeveloper.blog/git- ... -libsecret

Another secure alternative is to use SSH protocol and keys.
ONEEYEMAN
Part Of The Furniture
Part Of The Furniture
Posts: 5315
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Re: GitHub -> GitLab transition

Post by ONEEYEMAN »

Ulrich,
utelle wrote: Mon May 17, 2021 7:58 am
ONEEYEMAN wrote: Mon May 17, 2021 5:04 am Thank you for providing the link to the documentation. It was helpful.
However, they don't talk about Linux.
Well, the default case is Linux, for which git provides cache mode (probably not very helpful, because the cache is only used during a single session), and store mode (problematic, because user id and password are saved in a plain text file in clear text).
I don't care much.
It will be me and me only who uses the machine and operates with git.
And as long as no one hacks GitHub, I will be ok.
ONEEYEMAN wrote: Mon May 17, 2021 5:04 am They explain how to set this up in Windows and OSX, but not for **nix.

Any idea?
Maybe the following blog post helps: https://www.softwaredeveloper.blog/git- ... -libsecret

Another secure alternative is to use SSH protocol and keys.
[/quote]
I will look at that blog.

Thank you.
Post Reply