[TIP] Testing programs that are intended to be distributed in public repos but which need non-public information in order to work

[Laura Creighton]

I'm writing an app that I'm hosting publicly on bitbucket.  In order for it
to work, I need to use my secret password to get into the postgresql 
database at the site I am developing this on, and my PayPal developer 
account id and password, and things of that nature.  But I don't want 
to share this information with the world.

Currently, all this information lives in one file, called settings.py .
I've asked hg not to track this file.  Instead I have a file called
settings.notreal.py, which is tracked and is a copy of settings.py
with the sensitive data replaced with dummy data.  But this means that
I, and anybody else who wants to hack on the thing needs to know
that if they make any changes to settings.py they have to make them
to settings.notreal.py, too.  A trivial python script can generate
one from the other, the problem is in remembering to do so before you
make your commit, etc. so that your commit messages i.e 'fix for failing test 
ABC' aren't complete lies, because they leave out the actual fix.

This must be a common situation, with a well understood solution, but
my Google-fu apparantly isn't up to finding the correct keywords to
search for.  Maybe the whole approach of having 2 files is wrong, and
that is why I am not finding anything.  So what do people do?  And 
what url should I read to figure out how to do it too?

Laura