Comments on: Using hoptoad in open source project deployments http://www.opensourcery.co.za/2008/09/26/using-hoptoad-in-open-source-project-deployments/ Wizardry through open source Mon, 02 May 2011 17:05:16 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: A Fresh Cup » Blog Archive » Double Shot #301 http://www.opensourcery.co.za/2008/09/26/using-hoptoad-in-open-source-project-deployments/comment-page-1/#comment-98 A Fresh Cup » Blog Archive » Double Shot #301 Mon, 29 Sep 2008 09:40:21 +0000 http://www.opensourcery.co.za/?p=101#comment-98 [...] Using hoptoad in open source project deployments - A general approach to keeping a separate deploy branch in git to hold confidential information. [...] [...] Using hoptoad in open source project deployments – A general approach to keeping a separate deploy branch in git to hold confidential information. [...]

]]> By: Kenneth Kalmer http://www.opensourcery.co.za/2008/09/26/using-hoptoad-in-open-source-project-deployments/comment-page-1/#comment-95 Kenneth Kalmer Sat, 27 Sep 2008 18:57:38 +0000 http://www.opensourcery.co.za/?p=101#comment-95 That is a tough one JGeiger, and it has been covered on the Rails Core list as well (Cookie session security and open-source : http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3?hl=en). I guess there are three options you have: 1. Contact the developer(s) of the code and point them to the above thread, hope they fix it. 2. Using the above advice, provide a patch to them making your case. 3. Manage conflicts :( I have to admit I fell victim to this, so I just updated PowerDNS on Rails to read those values from the database.yml file. I also made a new post to detail the changes (http://www.opensourcery.co.za/2008/09/27/open-source-rails-projects-make-sure-youre-safe/) Thanks for bringing it up! That is a tough one JGeiger, and it has been covered on the Rails Core list as well (Cookie session security and open-source : http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3?hl=en).

I guess there are three options you have:

1. Contact the developer(s) of the code and point them to the above thread, hope they fix it.
2. Using the above advice, provide a patch to them making your case.
3. Manage conflicts :(

I have to admit I fell victim to this, so I just updated PowerDNS on Rails to read those values from the database.yml file. I also made a new post to detail the changes (http://www.opensourcery.co.za/2008/09/27/open-source-rails-projects-make-sure-youre-safe/)

Thanks for bringing it up!

]]> By: JGeiger http://www.opensourcery.co.za/2008/09/26/using-hoptoad-in-open-source-project-deployments/comment-page-1/#comment-94 JGeiger Fri, 26 Sep 2008 20:25:23 +0000 http://www.opensourcery.co.za/?p=101#comment-94 With two branches, how do you handle config/environment.rb which has things in it like: config.action_controller.session = { :session_key => '_app_session', :secret => 'secret' } It would seem to me that every time you merge from master down to deploy, you have to deal with that conflict. Did you find a way around that, or do you just use the same secret key that the OSS project is using? (Which I would think is a bad thing) With two branches, how do you handle config/environment.rb which has things in it like:

config.action_controller.session = {
:session_key => ‘_app_session’,
:secret => ‘secret’
}

It would seem to me that every time you merge from master down to deploy, you have to deal with that conflict. Did you find a way around that, or do you just use the same secret key that the OSS project is using? (Which I would think is a bad thing)

]]>