Merging Devise Security Extension into Devise? #4619
Comments
|
I don't think so. Merging this means that we will have to maintain and, while I like to maintain code, I prefer to keep the scope of the things I maintain really small. Because of that, through the years, we have being polishing the scope of Devise to be only essential features and merging those extensions into the gem is going against this goal. Other maintainers may have different opinion than mine so I'll keep this open to get their feedback too. |
|
I would also like to see this merged into the main Devise repository but I also understand the goal of keeping the project scope small. |
|
Perhaps instead of merging the two together, the Devise Wiki or README's can be updated to reference the |
|
I agree that it's better to keep things separated. |
|
I've worked on some projects where some of those modules were required, but I have since learned that most of them are in fact anti-patterns. The latest NIST guidelines specifically say that you should NOT do the following:
|
|
I'd like to add about NIST Guidelines:
|
In addition to Devise, there's a gem called devise_security_extension that builds on Devise and adds additional modules. Unfortunately, the original maintainers have gone MIA which has made it difficult to get maintenance updates for things like Rails 5 fixes or Ruby 2.4 fixes merged in, let alone bug fixes or features.
Several members in the community have decided to make a new fork at devise-security in order to have a mainline branch where this work can be contributed.
Is there interest in getting some/all of the modules in this gem merged into Devise itself?
The text was updated successfully, but these errors were encountered: