Follow

Why the HELL do people push their ~/ config files to public git repositories 🤦‍♂️
I was looking for a specific file and I got access to the board of this guy. This is just one example... there are SO MANY and for all tastes (GitHub, Spotify, cookies ...)

(if you are wondering, I mailed the guy and got a 'thanks')

@ilpianista i push my nix config as a backup and as a way for others to reproduce my system in case I need help debugging something. (Though, no credentials involved and I have selected few configs to upload)

@fabianhjr It's 10 years and 1 month (just checked!) that I keep my dotfiles repo updated, but I fear that most users don't get the purpose of it and just use git as backup tool.

@ilpianista I have even seen some repos with "binary" files (eg, pdf, images, etc) being used as a backup tool. :P

(not even with git-lfs or similar)

@ilpianista
Why the hell would you even collect all your login credentials in one, unencrypted, file?

(If this is a total noob misconception I'm sorry but glad to have learned)

@butcher in the screenshot I'm using a cli client for Trello and each new line is a different card, but your question remains valid as they are not encrypted. No idea.

@ilpianista well, some people can be trusted, some can not.

@ilpianista lazy people mistakenly will turn their homedir into a git repo and `git add . && git commit -a`. You really want to make a separate dotfiles repo and selectively copy in the non-credentials files, or better yet add a `.gitignore` that blocks any sensitive files/exts from getting into the repo by accident. In fact, someone should create a boilerplate `.gitignore` file that lists all sensitive files/ext and submit it to: github.com/github/gitignore

@ilpianista I see that a lot when people just do "git add ." and doesn't review what is being added.

Sign in to participate in the conversation
Functional Café

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!