"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From: Omar Polo <op@omarpolo.com>
Subject: Re: got-notify-http: implement basic auth
To: Stefan Sperling <stsp@stsp.name>
Cc: gameoftrees@openbsd.org
Date: Thu, 18 Apr 2024 13:15:45 +0200

On 2024/04/16 17:15:03 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> On Tue, Apr 16, 2024 at 10:11:53AM +0200, Omar Polo wrote:
> > It makes the log output more verbose as a drawback though:
> > 
> > : gotd: gotd: WARNING: Using basic authentication over plaintext http://
> > : will leak credentials; https:// is recommended for URL
> > : 'http://localhost:8000/'
> 
> Here is an alternative suggestion that avoids noise in the test suite
> and should be somewhat safer:
> 
> gotd: /home/stsp/src/got/regress/gotd/gotd.conf:7: http://localhost:8000/: \
>   HTTP notifications with basic authentication over plaintext HTTP will \
>   leak credentials; add the 'insecure' config keyword if this is intentional
> *** Error 1 in /home/stsp/src/got/regress/gotd 

not a huge fan of adding an "insecure" keyword, but it may save someone a
typo, plus the diff looks fine to me and makes the regress less chatty.
it's also slightly better than the alternative I thought of
("plaintext?"), so

ok op@

(and sorry for the delay; almost missed the mail)

side question: the `url' line is starting to become quite long, could we
make it accept arguments inside a { ... }?  Maybe

	url "http://example.org/foo" {
		user flan
		password s3cur3
		insecure
	}

could work syntax-wise?  what do you think?
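
The fail-closed check that the quoted error message describes, as an added example that is not part of this mail and not got's own code. The struct, the function names and the rejection of schemes other than http/https are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical parsed form of one `url` notification target. */
struct http_target {
	const char *url;
	const char *user;	/* NULL when not configured */
	const char *password;	/* NULL when not configured */
	int insecure;		/* set by the 'insecure' keyword */
};

/* Case-insensitive prefix match; prefix must be lowercase. */
static int has_scheme(const char *s, const char *prefix)
{
	for (; *prefix != '\0'; s++, prefix++)
		if (tolower((unsigned char)*s) != *prefix)
			return 0;
	return 1;
}

/* Return 0 if the target may be used, -1 with a message in err otherwise. */
int check_http_target(const struct http_target *t, char *err, size_t len)
{
	if (has_scheme(t->url, "https://"))
		return 0;
	if (!has_scheme(t->url, "http://")) {	/* assumption: reject others */
		snprintf(err, len, "%s: unsupported URL scheme", t->url);
		return -1;
	}
	/* Either half of a credential pair counts as basic auth in use. */
	if ((t->user != NULL || t->password != NULL) && !t->insecure) {
		snprintf(err, len, "%s: basic authentication over plaintext "
		    "HTTP will leak credentials; add the 'insecure' config "
		    "keyword if this is intentional", t->url);
		return -1;
	}
	return 0;
}

int main(void)
{
	/* Constructed sample: credentials over http:// without 'insecure'. */
	struct http_target t = { "http://localhost:8000/", "flan", "s3cur3", 0 };
	char err[256];
	if (check_http_target(&t, err, sizeof(err)) == -1)
		fprintf(stderr, "gotd.conf: %s\n", err);
	return 0;
}
```

Returning an error at configuration time, rather than logging a warning, means the credentials are never sent over plaintext unless the operator opted in explicitly.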