Giters

joho / godotenv

A Go port of Ruby's dotenv library (Loads environment variables from .env files)

Home Page:http://godoc.org/github.com/joho/godotenv

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

godotenv is "complete" and not accepting feature requests

joho opened this issue · comments

commented

As of June 2022 I'm declaring godotenv roughly complete and will not be accepting feature requests, nor pull requests adding new functionality or breaking API changes.

Exceptions will be made to:

  • fix bugs
  • keep up with the Go ecosystem
  • maintain compatibility with env file formats of other mainstream "dotenv" libraries, primarily the OG Ruby dotenv and the Node.js dotenv

I have two main reasons for wrapping up active development of this library.

The first is that I'm no longer an enthusiastic supporter of the philosophy of the 12 factor app. I've been working with microservices for quite a long while now, and I find critiques such as Environment Variables Considered Harmful for Your Secrets and Why you shouldn't use ENV variables for secret data very compelling.

This library's purpose was always to make it easier to do active development of microservices that are deployed to 12 factor environments. The library as it stands today does a reasonable job of that, but I see feature requests/PRs come in that expand the scope to better support the packaging and distribution of env files as general purpose config, which I see as a footgun waiting to go off with someone's secrets.

The second is that I'm no longer as active a library maintainer as I once was. I've now got two kids, the timing of the first one coincides with the general decline in my review/comment rate on this repo.

I'm not seeking a new maintainer because:

  • the library does its current job totally fine and doesn't need to do anything else
  • I cannot be assed doing the due diligence on possible future maintainers to avoid being found as the "root cause" on some blog post about a baroque supply chain attack in the future

I'm on annual leave right now and am spending some of that time clearing the backlog of pull requests and issues.

If after this month I close an issue or PR, it will likely be because it doesn't meet my criteria above.