undefined | Better HN

0 pointsbeberlei9y ago0 comments

god beware if your open source project needs a single private repository to share passwords between admins for example or private config for your webserver. Suddenly you see yourself at 394$ compared to the 7$ you paid before.

0 comments

morgante9y ago

> beware if your open source project needs a single private repository to share passwords

Passwords emphatically do not belong in git.

Your private repos should be maintained such that accessing them would not compromise your security.

beberleiOP9y ago

if you share Ansible inventory files that are encrypted with ansible-vault, then this is not happening. But i still wouldn't want to have a public repository with the files and the metadata of servers that is clearly not meant for public consumption.

Let me brig another example for OSS projects that could need a private repository: branches for security fixes that are not public yet.

alxndr9y ago

> "branches for security fixes that are not public yet"

A private git server would probably be better for that, but also wouldn't cost $0.

pc869y ago

> a single private repository to share passwords between admins

Please tell me you're kidding.

CameronBanga9y ago

I hope that any team using github to share passwords is driven to move away from that method because of this price change. That's a bad bad idea.

brianwawok9y ago

Why? If it is Encrypted in ansible vault or something it's not a terrible way to keep your creds.

frostymarvelous9y ago

I think that wasn't clear initially. But granted, valid point.

morgante9y ago

If they're encrypted, you can put them in a public repo.

1 more reply

frostymarvelous9y ago

What's wrong with using Dropbox or something like that?

j / k navigate · click thread line to collapse

0 comments

morgante9y ago

> beware if your open source project needs a single private repository to share passwords

Passwords emphatically do not belong in git.

Your private repos should be maintained such that accessing them would not compromise your security.

beberleiOP9y ago

Let me brig another example for OSS projects that could need a private repository: branches for security fixes that are not public yet.

alxndr9y ago

> "branches for security fixes that are not public yet"

A private git server would probably be better for that, but also wouldn't cost $0.

pc869y ago

> a single private repository to share passwords between admins

Please tell me you're kidding.

CameronBanga9y ago

I hope that any team using github to share passwords is driven to move away from that method because of this price change. That's a bad bad idea.

brianwawok9y ago

Why? If it is Encrypted in ansible vault or something it's not a terrible way to keep your creds.

frostymarvelous9y ago

I think that wasn't clear initially. But granted, valid point.

morgante9y ago

If they're encrypted, you can put them in a public repo.

1 more reply

frostymarvelous9y ago

What's wrong with using Dropbox or something like that?

j / k navigate · click thread line to collapse