by mhitza
1532 days ago
I get your point, because I'm "baking" some code I would like to open source one day and cleanups are in order. However, when you're closing shop, dumping the code out there for others to figure out how to run, even if you can't help them set up an env from scratch, still helps. I also think we need more spaghetti code out there; it would help teach new developers how to maintain and refactor "legacy" code. The credentials in source code thing, I thought by this time would have been a "solved" issue, but I guess some people still yolo it :). Credentials in source code are the equivalent of passwords on post-it notes ;)

While not the best security, post-it notes are immune to hacking and really hard to leak without a home intrusion.
Credentials in source that won't be shared is a pretty efficient hack. Often it happens by mistake - e.g. when you hard-code that credential into a bash script during testing when you're trying to curl a new API and then push it by mistake after a coworker asks you to share your progress on a new branch for review.
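
Added example, not part of the thread: a check for the mistake described in the last comment, a credential hard-coded into a shell script while testing `curl`. The patterns, function names and sample script are assumptions made for illustration; credentials read from environment variables are deliberately not flagged.

```shell
#!/bin/sh
# Added example: find curl credentials written as literals in a shell script.
# Values that start with "$" (environment variable references) are not flagged.

sq="'"   # a single quote, for use inside the bracket expressions below
# 1. curl -u / --user name:password
p_user="(^|[[:space:]])(-u|--user)[ =]+[\"$sq]?[^\$\"$sq :]+:[^\$\"$sq ]"
# 2. Authorization header carrying a literal Basic/Bearer value
p_auth="Authorization:[ ]*(Basic|Bearer)[ ]+[^\$\"$sq ]"
# 3. userinfo embedded in a URL: https://name:password@host
p_url='https?://[^/$[:space:]:@]+:[^/$[:space:]@]+@'

# Print the numbers of the matching lines in file $1, space separated.
# Only line numbers are printed, so the secret is not echoed into a CI log.
flagged_lines() {
    lines=$( { grep -nE -e "$p_user" -e "$p_auth" -e "$p_url" -- "$1" || true; } |
             cut -d: -f1 | tr '\n' ' ')
    printf '%s\n' "${lines% }"
}

# Return 1 (and warn on stderr) when file $1 holds a literal credential.
check_file() {
    hits=$(flagged_lines "$1")
    [ -z "$hits" ] && return 0
    echo "$1: possible hard-coded credential on line(s): $hits" >&2
    return 1
}

# Constructed sample script; hosts, names and secrets are made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
curl -u alice:s3cr3t https://api.example.test/v1/items
curl -u "$API_USER:$API_PASS" https://api.example.test/v1/items
curl -H "Authorization: Bearer abc123constructed" https://api.example.test/v1/items
curl -H "Authorization: Bearer $API_TOKEN" https://api.example.test/v1/items
curl https://alice:s3cr3t@api.example.test/v1/items
curl https://api.example.test:8443/v1/items
EOF

check_file "$SAMPLE" || echo "commit would be blocked"
```

Called from a Git pre-commit hook over the files listed by `git diff --cached --name-only`, a non-zero return from `check_file` stops the commit before the branch is pushed.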