When reading this thread about what to do if your Discourse is hacked, I was prompted to post a question that’s been bugging me since I first used Discourse: Why even include the option to download the whole database to the local computer? I can see no reason why an admin would want to back up her database to her own desktop computer, nor any reason he would want to spend hours waiting for a file which could potentially be gigabytes in size to download.
I feel like this should be a command line option and allow the admin to back up the database to an S3 bucket or remote FTP host. I feel like what data is contained inside the database is of no concern to anyone but the person responsible for maintaining that database / the server. If an admin starts to feel disillusioned with the other admins, they can take a copy of the database to do whatever they please with, including to blackmail the other admins.
This feature is common among forum software and is often used to compromise open-source projects’ data, like the case this week with Linux Mint. Why tempt fate?