
There are a lot of dotfiles on GitHub and it doesn't seem to be a problem (except if you check in private credentials, but that's not a problem unique to dotfiles).

If you rely on your configuration to be secret to be secure it's just security by obscurity and not worth much anyway.



> If you rely on your configuration to be secret to be secure it's just security by obscurity and not worth much anyway.

What I had in mind is that the average person wouldn't be a target, but publicly declaring their security vulnerability would attract attacks they wouldn't receive otherwise.


Only key harvester bots on GitHub/etc would notice. If you’re being consciously attacked by someone then you have bigger problems to deal with.

The solution isn’t particularly hard either; simply source a secrets file and make sure you add that to the gitignore file.
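An added example, not part of any comment above: one way to source a secrets file from a public dotfiles repo while refusing to load it if it is readable by other users or not ignored by git. The function names and the `.secrets.env` file name are assumptions made for this sketch.

```sh
# Added example (not from the thread). Function names and the
# .secrets.env file name are hypothetical.

# Succeeds only for a regular, non-symlink file with no group/other
# permission bits set (e.g. mode 600).
secrets_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds only if git ignores the file. Without --no-index,
# check-ignore also fails for a file that is already tracked, which
# catches a secrets file committed before the ignore rule existed.
secrets_file_ignored() {
    f=$1
    git -C "$(dirname "$f")" check-ignore -q "$(basename "$f")"
}

# Source the secrets file only when both checks pass. The git check
# is skipped when the file does not live inside a git work tree.
load_secrets() {
    f=$1
    if ! secrets_file_ok "$f"; then
        echo "refusing $f: missing, symlink, or group/world-accessible" >&2
        return 1
    fi
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$f")" rev-parse --git-dir >/dev/null 2>&1; then
        if ! secrets_file_ignored "$f"; then
            echo "refusing $f: tracked or not ignored by git" >&2
            return 1
        fi
    fi
    . "$f"
}

# In a shell rc file (path is an assumption):
#   load_secrets "$HOME/dotfiles/.secrets.env"
```

Passing these checks says nothing about history: a secrets file that was committed earlier and later ignored still has its old contents in the repository's past commits.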



