On Wed, Sep 10, 2014 at 2:37 AM, Roman Neuhauser <neuhau...@sigpipe.cz>
wrote:

> # mrz....@gmail.com / 2014-09-09 12:27:03 -0400:
> > On Sat, Sep 6, 2014 at 5:23 AM, Roman Neuhauser <neuhau...@sigpipe.cz> wrote:
> > > you seem to be unaware that if you pay some money you can have "private"
> > > repos in github.  those are accessible only to users authorized by you.
> >
> > A lot of companies wouldn't allow their IP on servers they don't fully
> > control, no matter how many guarantees that they're the only ones allowed
> > to access it.
>
> yes, and many do.  it's a matter of a kind-of SWOT analysis.  do you
> distrust third parties with access to your code?  if you take it to its
> logical conclusion you'll find you need to design and manufacture your
> own hardware and software.  Intel may deny backdoors in their CPUs[1],
> but that's no different from Github swearing they [dw]on't let others
> see your code, is it?
>

Well, it is different (don't get me wrong, I love that companies put things
on github; I have a couple of ideas for tools that rely on that).

Here's why:
- an Intel chip may have backdoors, but there're a few people that can put
them in.
- once the chip is deployed, they must still get to it through multiple
levels of firewalling, some of which are under complete control (I guess
one can make the case that a CPU with a backdoor might observe that
specific open source firewalls are being run and open things, but this is
frankly beyond reasonable)
- somebody with access to all those backdoors (basically NSA and similar
agencies) needs to have enough interest in targeting me specifically. If
they did have interest I have no doubts they can get to the code. But they
could get to the code just by sending two men in black outside the office
and have a talk with a few employees.

Now github (and really, I do believe github does a great job; here they
stand for any repository out there in the web):
- by definition they hold a lot of code from multiple entities, some of which
might be of interest. So they are an obvious target and anybody can try to
get in.
- getting in is easier than getting in your cpu and access can be gained
through errors in large software stacks
- repositories are not encrypted, so once you're in, you're in

That said, I firmly believe that people will get used to the notion of
having their intellectual property in the cloud, I'm just surprised that so
many do it already.

Anyhow, sorry for sidetracking the discussion. It is not about git anymore,
so I'll shut up and see if people have things to add on how they handle
repositories, which is something I'm very interested in.


> [1] Cisco and others can't claim innocence anymore
>
> > I'm actually surprised that companies actually do use github
> > -- especially after cases like
> > http://it.slashdot.org/story/14/06/18/1513252/code-spaces-hosting-shutting-down-after-attacker-deletes-all-data
> > -- but I have to admit I know many that do and they seem to be happy.
>
> well, i had never heard of codespaces.com until their shutdown was
> publicized, and judging from the description of the breach they were
> a fly-by-night operation.  github is in a different league.
>
> at least with DVCSs complete version history remains with you even if
> your hosting provider shuts down abruptly, so you lose established
> processes but no data.  github lets you access all your data including
> issues and whatnot programmatically so you can have backups away from
> their infrastructure should the shit hit the fan.
>
> --
> roman
>
> --
> You received this message because you are subscribed to the Google Groups
> "Git for human beings" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to git-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
