On Sun, Nov 4, 2012 at 8:42 AM, Ben Laurie <[email protected]> wrote: > On Sat, Nov 3, 2012 at 12:26 AM, James A. Donald <[email protected]> wrote: >> On Oct 30, 2012 7:50 AM, "Ben Laurie" <[email protected]> wrote: >>> The team has ruled out having the master at github. >> >> What is wrong with github? > > TBH, I wouldn't mind much, but I think the concern is that its not > under our control.
It's just git, so keep multiple clone repos. You could use an internal one as the master and push updates to the github one if you don't trust github -- use github to serve outsiders. Really, what matters is that you have one master repo and all other official repos be read-only clones of it. As with any master/slave failover/takeover scheme you can always recover from the death of the master by promoting a clone to master status. So why not trust github? Because they've been hacked? But if you keep multiple clones and people keep private clones then you depend on git's use of SHA-1 Merkle hash trees for security. Or, if you want *private* repos, then you must either run your own git servers or pay a github or gitorious. Nico -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
