This is a terrible idea, but can be fixed. The problem is that it makes the dotfiles public. These are files that are normally private, and so it would be easy to forget that you've exposed them and do something like add a shell alias or vim macro that includes sensitive information.
Replace Github with Dropbox and you'll be a lot safer. You can still use Git to manage revisions. That part of the idea was fine. Just don't have the remote repository on a public service unless you are sure you can avoid errors.
For things that allow this like Emacs and Bash, I separate things into (for example) a config and a config-private repo. The config repo I put on github, and the private repo on my own server.
Then, with the public config file (~/.emacs.d/init.el and ~/.bashrc) I load a file based on the hostname that contains location-specific and private information.
This is useful because I can use the same framework at work and on personal machines. I don't have to mix the two.
As someone who keeps his dotfiles on Github (but is sure, for the moment at least, that there's nothing sensitive in there) I'm having a hard time imagining what sort of sensitive information a shell alias or a vim macro could expose to a potential attacker. Can you be more specific?
5 comments
[ 3.2 ms ] story [ 18.2 ms ] threadReplace Github with Dropbox and you'll be a lot safer. You can still use Git to manage revisions. That part of the idea was fine. Just don't have the remote repository on a public service unless you are sure you can avoid errors.
Then, with the public config file (~/.emacs.d/init.el and ~/.bashrc) I load a file based on the hostname that contains location-specific and private information.
This is useful because I can use the same framework at work and on personal machines. I don't have to mix the two.