> Ones NOT marked as sensitive should be rolled out of precaution

if it's not marked as sensitive (because it is not sensitive) there is no reason to roll them. if you must roll an insensitive env var it should've been sensitive in the first place, no?

reply
There's a difference between sensitive, private and public. If public (i.e. NEXT_PUBLIC_) then yeah likely not a reason to roll. Private keys that aren't explicitly sensitive probably are still sensitive. It doesn't seem to be the default to have things "sensitive" and I can't tell if that's a new classification or has always been there.

I can imagine the reason why an env variable would be sensitive, but need to be re-read at some point. But overwhelmingly it makes sense for the default to be set, and never accessed again (i.e. Fly env values, GCP secret manager etc.)

reply
Who is this “theo” person and why are multiple people quoting him? He seems to have little to say that’s substantive at this point.
reply
He’s a tech influencer, probably getting quoted here because he has the biggest reach of people covering this so far.
reply
He’s a streamer who talks about tech. Previously had a sponsorship relationship with Vercel so is theoretically more well connected than average on the topic. He’s also very divisive because he does a lot of ragebait, grievance reporting, and contrarian takes but famously has blind spots for a few companies and technologies that he’s favored in past videos or been sponsored by. I have friends who watch a lot of his videos but I’ve never been able to get into it.
reply
Theo Browne is a reasonably well known YouTuber & YC founder.

https://t3.gg/

reply
He is a paid Vercel shill (literally, he does sponsored content for them on his YouTube channel)
reply
YT tech vlogger
reply