Add unmaintained dotenv & Co.
#1359
Conversation
|
I would not object either (1) to adding this advisory now or (2) to waiting until Dylan-DPC is added as an owner of |
Signed-off-by: pinkforest <[email protected]>
|
Both crates imply - and are pretty transparent - that it is not to be used in production environment outside dev or test. For this reason I would naively propose to close this issue. I mean should we care about crates which are destined to dev and test only ? Perhaps yes. Would be keen to hear more opinions as to whether merge or close .. 🤷♀️ |
pinkforest
added
Feedback
@pinkforest Hi, I am the maintainer of the As stated on the README, dotenvy is convenient for dev environments. This does not mean that it is not intended for prod. Also noting that Dylan-DPC has been added to the repo on Aug 14. Release v0.15.2 was also put out today. Thanks for your interest in dotenv/dotenvy! |
|
Okay. Proposing to merge then and let's see if anyone objects. |
pinkforest
added
Propose-Merge
|
Since the maintainers are truly not reachable and this is widely used with no maintenance, we'll merge as nobody is objecting. Regardless that the crate says it is only for dev/test there is evidence that it is used more than that and we should perhaps advise on that. Thanks all! If the maintainer comes back or someone picks up dotenv we can withdraw this but we'll recommend dotenvy as actionable fix in the meantime. |
Closes #1254
@JohnTitor @est31 @8573 would you mind reviewing pls
Should we recommend dotenvy as an alternative or something else as per #1254 (comment) ?
Note: I would be slightly hesistant to proceed with unmaintained when the crate says it is intended to be used only in test / dev env - nonetheless there are associated monorepo dotenv_ crates which don't mention this and seem to be used elsewhere
EDIT: the associated monorepo crates also mention about intended use in dev / test only.
Thx.