Why the HELL do people push their ~/ config files to public git repositories 🤦♂️
I was looking for a specific file and I got access to the #Trello board of this guy. This is just one example... there are SO MANY and for all tastes (GitHub, Spotify, cookies ...) #security
(if you are wondering, I mailed the guy and got a 'thanks')
@ilpianista i push my nix config as a backup and as a way for others to reproduce my system in case I need help debugging something. (Though, no credentials involved and I have selected few configs to upload)
@fabianhjr It's 10 years and 1 month (just checked!) that I keep my dotfiles repo updated, but I fear that most users don't get the purpose of it and just use git as a backup tool.
@ilpianista I have even seen some repos with "binary" files (e.g., pdf, images, etc.) being used as a backup tool. :P
(not even with git-lfs or similar)
Why the hell would you even collect all your login credentials in one, unencrypted, file?
(If this is a total noob misconception I'm sorry but glad to have learned)
@butcher in the screenshot I'm using a cli client for Trello and each new line is a different card, but your question remains valid as they are not encrypted. No idea.
@ilpianista lazy people mistakenly will turn their homedir into a git repo and `git add . && git commit -a`. You really want to make a separate dotfiles repo and selectively copy in the non-credentials files, or better yet add a `.gitignore` that blocks any sensitive files/exts from getting into the repo by accident. In fact, someone should create a boilerplate `.gitignore` file that lists all sensitive files/ext and submit it to: https://github.com/github/gitignore
@ilpianista I see that a lot when people just do "git add ." and don't review what is being added.
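
A pre-commit check for the `git add .` problem and the `.gitignore` suggestion discussed above, as an added example that is not part of the thread. The function names and the pattern list are assumptions (common credential locations, not exhaustive), and the staged paths are a constructed sample.

```shell
#!/bin/sh
# Added example: refuse to commit files that commonly hold credentials.
# The pattern list is an assumption, not an official or complete list.

# is_sensitive PATH -> exit 0 if the repo-relative path looks like a secret store
is_sensitive() {
    case "$1" in
        *.pub) return 1 ;;                          # public keys are safe to publish
        .ssh/id_*|.gnupg/*) return 0 ;;             # private SSH/GPG key material
        .netrc|.git-credentials|.npmrc|.pypirc) return 0 ;;
        .aws/credentials|.docker/config.json|.kube/config) return 0 ;;
        .config/gh/hosts.yml) return 0 ;;           # GitHub CLI token file
        *.pem|*.key|*.kdbx|*cookies*|*Cookies*) return 0 ;;
    esac
    return 1
}

# flag_sensitive: read paths on stdin, print the sensitive ones,
# return 1 if at least one was found (so a hook can abort the commit).
flag_sensitive() {
    found=0
    while IFS= read -r path; do
        if is_sensitive "$path"; then
            printf 'refusing to commit: %s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample of what `git add .` in a home directory would stage.
sample_staged() {
    printf '%s\n' .bashrc .vimrc .ssh/id_ed25519 .ssh/id_ed25519.pub \
        .netrc .config/gh/hosts.yml .config/nvim/init.vim
}

sample_staged | flag_sensitive || echo "commit blocked"

# As .git/hooks/pre-commit, check what is actually staged instead:
#   git diff --cached --name-only | flag_sensitive || exit 1
```

A name-based check like this only catches files at well-known paths; it does not detect tokens pasted into otherwise harmless config files.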