credential: document protocol updates

Document protocol changes after CVE-2020-11008, including the removal of
references to the override of attributes which is no longer recommended
after CVE-2020-5260 and that might be removed in the future.

While at it do some improvements for clarity and consistency.

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt
index 6f0c7ca80f7331b103249922d54ebe692698bbe7..8d990e92fd9c03a05f099908584c22068a868904 100644 (file)
--- a/Documentation/git-credential.txt
+++ b/Documentation/git-credential.txt
@@ -103,17 +103,20 @@ INPUT/OUTPUT FORMAT
 `git credential` reads and/or writes (depending on the action used)
 credential information in its standard input/output. This information
 can correspond either to keys for which `git credential` will obtain
-the login/password information (e.g. host, protocol, path), or to the
-actual credential data to be obtained (login/password).
+the login information (e.g. host, protocol, path), or to the actual
+credential data to be obtained (username/password).
 
 The credential is split into a set of named attributes, with one
-attribute per line. Each attribute is
-specified by a key-value pair, separated by an `=` (equals) sign,
-followed by a newline. The key may contain any bytes except `=`,
-newline, or NUL. The value may contain any bytes except newline or NUL.
+attribute per line. Each attribute is specified by a key-value pair,
+separated by an `=` (equals) sign, followed by a newline.
+
+The key may contain any bytes except `=`, newline, or NUL. The value may
+contain any bytes except newline or NUL.
+
 In both cases, all bytes are treated as-is (i.e., there is no quoting,
 and one cannot transmit a value with newline or NUL in it). The list of
 attributes is terminated by a blank line or end-of-file.
+
 Git understands the following attributes:
 
 `protocol`::
@@ -123,7 +126,8 @@ Git understands the following attributes:
 
 `host`::
 
-       The remote hostname for a network credential.
+       The remote hostname for a network credential.  This includes
+       the port number if one was specified (e.g., "example.com:8088").
 
 `path`::
 
@@ -134,7 +138,7 @@ Git understands the following attributes:
 `username`::
 
        The credential's username, if we already have one (e.g., from a
-       URL, from the user, or from a previously run helper).
+       URL, the configuration, the user, or from a previously run helper).
 
 `password`::
 
@@ -146,8 +150,12 @@ Git understands the following attributes:
        value is parsed as a URL and treated as if its constituent parts
        were read (e.g., `url=https://example.com` would behave as if
        `protocol=https` and `host=example.com` had been provided). This
-       can help callers avoid parsing URLs themselves.  Note that any
-       components which are missing from the URL (e.g., there is no
-       username in the example above) will be set to empty; if you want
-       to provide a URL and override some attributes, provide the URL
-       attribute first, followed by any overrides.
+       can help callers avoid parsing URLs themselves.
+
+       Note that specifying a protocol is mandatory and if the URL
+       doesn't specify a hostname (e.g., "cert:///path/to/file") the
+       credential will contain a hostname attribute whose value is an
+       empty string.
+
+       Components which are missing from the URL (e.g., there is no
+       username in the example above) will be left unset.