On Jun 11, 2008, at 11:41 AM, Mislav Marohnić wrote: > But I'm worried what about new users? This pratice encourages them > to version their passwords. Rails is opinionated and we have to > choose which practice we will encourage. Will it be database info in > ruby or YAML? >
I don't think this encourages new users to version their passwords any more than they are now. In fact, because there is no username/password generated in the production config, I think it guides them towards _not_ versioning their *production* credentials. If you try to set username/password directly in your production configuration, the application won't start. Those taking the path of least resistance will generate their app, get something small working and then check it in. When they get to the point where they want to deploy, they will have to either add a credentials file to source control (the bad route) or tweak their deploy script to symlink the credentials (the good route). Perhaps generated applications could have more verbiage encouraging developers to store their credentials outside of source control and link it into the application at deploy-time? Besides that, there's only so much vinegar and hand-holding one can apply. ;) -- ~akk http://therealadam.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
