Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] GitHub Private Repos Are Now Free



On 2019-02-23 00:44 +0800 (Sat), Raymond Wan wrote:

> All very true!  For those of you with access to a Linux-based server
> via ssh, gitolite3 is another alternative.  You don't get any
> rendering of Markdown documents, but you get the power of git all
> within your own server.

Actually, you've pretty much got that with just the ability to SSH to
another host, or share a drive between hosts. (This includes services
like Dropbox; I keep Git repos there all the time, though you do have
to be a little more careful on shared filesystems.)

What Gitolite (which I use as well) gives you is mainly a separate
(from Unix) user account system for access to repos with much finer
access granularity than Unix file permissions. It's great if you need
it, but there's nothing wrong with sharing a Dropbox directory if that
is enough for your needs.

On 2019-02-22 16:22 +0100 (Fri), Kalin KOZHUHAROV wrote:

> I haven't read the EULA in details, but I am guessing private repos
> are also "indexed" by their search engine and "selected employees" can
> have a look or hook on certain private repos.

According to a Quora answer[1], no GitHub staff can access your
private repos without your consent. Further, "Internally we have a
concept of 'unlocking' a repository for ten minutes so we can try to
reproduce a problem, but every unlock is timestamped with who
performed that action and why they performed that action."

Unfortunately I can't find the details of this on the GitHub security
information page[2], but there is a link there to contact them.

[1]: https://www.quora.com/Can-GitHub-employees-view-the-contents-of-private-repositories
[2]: https://github.com/security

On 2019-02-23 11:56 +0000 (Sat), Alexey Rusakov wrote:

> If that's of concern, one should go end-to-end-encrypted and
> probably self-host a GitLab instance instead of using something
> hosted "over there".

If you've got very serious concerns about security of access to Git
repos I wouldn't use GitLab: it's huge and hard to configure and
control which is antithetical to good security. Gitolite would be much
more reliable to configure.

The big advantage of GitLab (which we use at work) and GitHub is
little to do with Git repo storage itself but all the other stuff
around it, such as file rendering to web pages, merge requests and
issue tickets, a decent-enough automated CI system, etc. etc. This is
actually way more than most professional development teams need (it
mystifies me why a developer team would want to use a web-based wiki
rather than just keeping markdown files in their repo) but it seems a
lot of developers like bling or are scared of the command line and
text editors or whatever.

cjs
-- 
Curt J. Sampson      <cjs@example.com>      +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links