If everything else is secure and so on and so forth, the other main concern 
is handling stuff that should remain private and not overwriting (or 
including your database) certain configuration information in pushes and 
pulls to and from public repos.

Much (all?) of this can be handled with a well-constructed .hgignore, but you 
may want to look into moving some items into a ./private directory. Items 
that require attention might include:

databases, auth_user

db.py
    users, email addresses, settings and passwords
    auth.settings.hmac_key (???)
    Janrain account information
    Amazon accounts

.hgignore items to consider

syntax: glob
*~
db.py
*.DS_Store
*.pyc
*.pyo
*.bak
*.bak2
cache/*
private/*
uploads/*
databases/*
sessions/*
errors/*
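
An added example, not part of the original post: .hgignore only affects untracked files, so anything on the list above that was committed earlier still goes out with every push. This sketch checks a tracked-file listing against the post's patterns; the glob matcher is a simplified approximation of Mercurial's, and the sample paths (including `myapp` and `janrain.key`) are constructed.

```python
import re

# Glob patterns taken from the .hgignore list in the post above.
SENSITIVE_GLOBS = [
    "db.py", "private/*", "uploads/*", "databases/*", "sessions/*", "errors/*",
]

def glob_to_regex(glob):
    """Simplified take on Mercurial's unrooted glob matching (an assumption,
    not hg's own code): '*' stays within one path segment, '**' crosses
    segments, and a pattern may match at any directory depth."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile(r"(?:^|/)" + "".join(out) + r"(?:/|$)")

def tracked_but_sensitive(tracked_paths, globs=SENSITIVE_GLOBS):
    """Return {path: pattern} for tracked files an ignore pattern would cover.
    These stay in the repository and in pushes until they are untracked."""
    compiled = [(g, glob_to_regex(g)) for g in globs]
    hits = {}
    for path in tracked_paths:
        for glob, rx in compiled:
            if rx.search(path):
                hits[path] = glob
                break
    return hits

# Constructed sample: a tracked-file listing as `hg manifest` would print it.
SAMPLE_MANIFEST = """\
applications/myapp/controllers/default.py
applications/myapp/models/db.py
applications/myapp/models/menu.py
applications/myapp/databases/storage.sqlite
applications/myapp/private/janrain.key
applications/myapp/static/css/base.css
""".splitlines()

if __name__ == "__main__":
    for path, glob in tracked_but_sensitive(SAMPLE_MANIFEST).items():
        print(f"{path}  (matches {glob}; untrack with `hg forget`)")
```

`hg forget` stops tracking a file from the next commit on, but earlier revisions still contain it, so any password or key that was ever committed should be rotated.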

