Hello, I'd like to get some feedback on a configuration idea.
The gitorious.yml file contains a "cookie_secret" session key. Other than this one parameter, gitorious.yml doesn't contain any cryptographic material. I think it would be advantageous to move this one parameter out into its own file, cookie.yml[1]. Once this is done, the gitorious.yml file is no longer security-sensitive.

Here are two use cases I envision:

1) A user needs help debugging his or her Gitorious install, so they pastebin their entire gitorious.yml file.

2) I publish my Gitorious configuration as a Puppet module on the internet[2], and it's safe to publish gitorious.yml while keeping the security-relevant files (database.yml and cookie.yml) outside of Puppet.

What do you think?

- Ken

[1] https://gitorious.org/~ktdreyer/gitorious/ktdreyers-mainline/commit/91ae01c4bfb9bed77df316d475b50dae4f4c6668
[2] https://gitorious.org/ktdreyer/gitorious-puppet/blobs/master/modules/gitorious/templates/gitorious.yml.erb#line56
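The split proposed in the message above, as an added example that is not part of the original post or of the linked commit: it separates "cookie_secret" from a gitorious.yml-style document and checks that what remains is safe to paste or publish. The per-environment layout, the sample values, and the helper names split_secrets and leaked_paths are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample in an assumed per-environment gitorious.yml layout.
SAMPLE_GITORIOUS_YML = <<~YAML
  production:
    cookie_secret: constructed-sample-secret-not-a-real-key
    gitorious_host: git.example.org
  test:
    cookie_secret: constructed-test-secret
    gitorious_host: localhost
YAML

SENSITIVE_KEYS = %w[cookie_secret].freeze

# Split a parsed config into [public_part, secret_part]. Secret keys keep
# their nesting path so the two files can be merged again at load time.
def split_secrets(node, sensitive = SENSITIVE_KEYS)
  return [node, nil] unless node.is_a?(Hash)
  public_part = {}
  secret_part = {}
  node.each do |key, value|
    if sensitive.include?(key.to_s)
      secret_part[key] = value
    else
      pub, sec = split_secrets(value, sensitive)
      public_part[key] = pub
      secret_part[key] = sec unless sec.nil? || sec.empty?
    end
  end
  [public_part, secret_part]
end

# Dotted paths of sensitive keys still present; empty means safe to share.
def leaked_paths(node, sensitive = SENSITIVE_KEYS, path = [])
  case node
  when Hash
    node.flat_map do |k, v|
      here = path + [k.to_s]
      sensitive.include?(k.to_s) ? [here.join(".")] : leaked_paths(v, sensitive, here)
    end
  when Array
    node.each_with_index.flat_map { |v, i| leaked_paths(v, sensitive, path + [i.to_s]) }
  else
    []
  end
end

public_cfg, cookie_cfg = split_secrets(YAML.safe_load(SAMPLE_GITORIOUS_YML))
puts public_cfg.to_yaml, cookie_cfg.to_yaml
```

Running leaked_paths over a file before it goes to a pastebin or into a public Puppet module gives a pass/fail check for both use cases in the message.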
