What does HackerNews think of chezmoi?

Thanks. I started using https://github.com/twpayne/chezmoi in the meantime.

I know a few of the options mentioned there but I needed something that would take care of e.g. symlinking or (as is the case with chezmoi) just overwrite local files from the GIT repo it maintains.

Anything for syncing between machines?

For one of my projects [1] I got about ten in-person questions/discussions equivalent to "Why don't you use Rust?" at various conferences/meetups over three years.

The enthusiasm of the person asking the question was evident.

What was trickier to handle was their insistence that "X would be better if written in Rust" without really understanding what makes X successful.

This was further compounded a bunch of copycat projects written in Rust with very limited functionality. Their project's marketing said that "it's written in Rust!" was their primary advantage.

Fundamentally, users don't care, or even know, which language your software is written in. All they care about is whether your software solves their problem.

To answer your direct question: I got multiple "you should use Rust!" comments. I smiled, said thank you I know that Rust is the right choice for certain problems. I then asked "How would Rust help here?" and listened.

When Rust is the right language for the problem, I'll re-write. Until then, I'll be polite and listen.

[1] https://github.com/twpayne/chezmoi

> That this is even suggested as an installation command means that they might as well strike "securely" from the tagline. For someone interested in security the foul odor that this line emits is enough to make me stop reading.

I don't know. I always think this line smacks of paternalism. For instance, plenty of projects suggest for installation something like:

  git clone https://github.com/twpayne/chezmoi/; cd chezmoi; make; sudo make install

Of course, "curl | bash" is not always preferable. Re: security, "curl | bash" may be preferable here given the superuser privileges, or the privileges required by dpkg upon install of a stray deb package. But is the implication one reads the makefile and the source code before installing when one git clones a repo, but doesn't when the instructions say pipe to bash?

I also think many are afraid to admit FOSS packaging security is mostly smoke and mirrors. Sure, it's nice re: trusting a mirror. It's nice for keeping track of packages and dependencies. But its technical security story vs "curl | bash" would seem only marginally better/worse depending on the circumstances.

Because trust is the great problem. "curl | bash" may have a smell, but it's mostly the smell of the sewer we live in.

Another question one might/should ask is -- what is the cross platform alternative? If it's "Build 10 packages for everyone," I'm not sure how happy that will make anyone. Just specifically re: this tool, imagine wanting to use it everywhere, however, you have a Mac dev laptop and your servers are a mix of Linux/FreeBSD. How much easier is it just to say "I trust chezmoi (because I would have had to trust it anyway) and 'curl | bash' is secure enough?"

On the homepage you can find a link to the github-repo in the top right corner.

https://github.com/twpayne/chezmoi/