-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rename Movefile to movefile.yaml by default #424
Conversation
cff3001
to
161489f
Compare
I'm having some problems because |
In reply to @nlemoine 's #46 (comment) I'm ok with the I'm improving the code to better handle variations. |
Didn't think about this, you're right! |
That is fucking green! 🎉 Doing some other live tests |
7b90ebc
to
c474eb0
Compare
I've tested and it works well. I've also squashed all the commits into 1 clear commit to not pollute repo history. Wiki is also updated here and we have a new post-installation message mentioning the new feature. 1 thing to spot out: no problem when you start out a new project, but if you update an existing one, you have to update the When starting clean, the generated |
Great! 👍
I think
What do you think? |
That's what I intended w/ "no problem when you start out a new project" ;) Take a look at the template here |
@nlemoine I've released the updated gem, so you can also try to do a |
Sure thing. But you have quite a large community already using Wordmove. Meaning they already have a Thus, they could accidentally publish a Besides, IMHO, the only fact that uploading a file that contains nearly all possible credentials and is certainly useless on a server in every case is a strong enough argument. Moreover, It would strip a few lines from the |
Ok, just realized that if you have a However, I still think the last part of my comment remains relevant (publishing a flat file containing most credentials). |
Well, let's start from a philosophical point of view: Wordmove is not a plugin, but it's a tool. Just like with a hammer you have to know to hit the nail and keep your fingers safe, I think that using Wordmove you have to be aware of a lot of critical things: you may need to know how rsync mirroring works, what advanced options it offers, same thing for mysqldump, you have to know your environment (executables in PATH, etc) and so on and so forth. Wordmove does not aim to prevent all the dangerous scenarios by itself for 2 main reasons: 1) it is so flexible that it fits too many scenarios and so is not possible to programmatically anticipate all of them 2) it would become too hard to maintain and to develop - and believe me: it's really hard. That said: I really like the way you approach to the problem, so, please, let's consider these 2 scenarios in our discussion. I've just updated to version 2.2.0 and I have an existent project
I've just updated to version 2.2.0 and I start a new project
In order to avoid the last point of the first scenario I'd have to implement something like:
That said I can't hardcode exclusion of custom named movefiles - they are supported by wordmove - nor the exclusion of the (i-see-what-u-did-there) Movefile_bak/_old/_prev. So we can write a little feature supporting the officials naming, but then we'll have the responsibility to document that we cannot do black magic if you choose to adopt supported custom names. This is a trade off in my opinion. I'd take some time to think about this one and choose between improving the documentation on the main README - in order to have more conscious users - and implement a guard feature. |
Thanks for the very detailed reply and arguments.
I don't totally agree with this and I guess many issues you probably deal with every week on GH prove it (especially with the Anyway, this a more global view that's a bit outside the scope of this discussion. I totally understand your point of view and think you're right about the exclusion policy of this tool. After all, Wordmove is not targeting end users but developers who should be aware that with great power comes great responsibility 😄 An explicit warning/disclaimer in README about what can go wrong when using Wordmove (deleting files, publishing unwanted files, etc.) is probably the right direction on this. This is more a documentation effort to encourage users to adopt best practices like password less authentication, protecting sensible files access, etc. With the coming |
No description provided.