

A reminder that uploading config files to public websites is dumb - username223
http://arstechnica.com/security/2015/03/ubers-epic-db-blunder-is-hardly-an-exception-github-is-awash-in-passwords/

======
username223
Note that this is not just a matter of "don't upload your production
credentials to GitHub." Don't upload your personal or test ones either,
because there's a good chance that they're correlated, or that you'll make a
mistake. And there's a good chance some of this information will sneak into
your config files. Just don't do it.

