I think this sounds like a good idea.
The only issue that remains then is to make sure that the session key is
actually generated/updates by each site admin/owner - perhaps leave an
entry in the gitorious.yml as a reminder (to the person setting up while
following an old/outdated install
Hello,
I'd like to get some feedback on a configuration idea.
The gitorious.yml file contains a cookie_secret session key. Other
than this one parameter, gitorious.yml doesn't contain any
cryptographic material. I think it would be advantageous to move this
one parameter out into its own file,