by ownagefool 2673 days ago
Security isn't necessarily bullshit.

CI/CD presents a significant risk and it's not like CI/CD vendors have never had a security incident. Not to mention the unpublished access a member of their staff may have to interfere with your runners or pull your access tokens/secrets.

If an org is more comfortable having their own people assume this risk, I think the gitlab helm chart is a better solution. At the same time, a small org, without the resources to properly look after this in-house, should use a SaaS vendor.


Plus Atlassian is located in Australia [1], and the Australian government passed a bill that requires a backdoor to all software products [2]. So if you care about security, it makes more sense to self-host.

[1]: https://en.wikipedia.org/wiki/Atlassian

[2]: https://www.nytimes.com/2018/12/06/world/australia/encryptio...

> Australian government passed a bill that requires a backdoor to all software products

That's not quite accurate. There is now a legal mechanism that allows certain government agencies to force you to add a backdoor to your product. But until you are given a notice you don't need to do anything, and you can provide aggregated statistics to your users of how many requests you've been given. There are also some weasel-word caveats (the backdoor cannot be a "systemic vulnerability" but there has been much disagreement about whether this limitation actually means anything -- in my view it's basically meaningless within the context of a single company's product).

There is currently a review process open for the TOLA Act that closes in April[1], so any fellow Australians on HN should submit their comments -- there are only 65 submissions so far (and only 27 are by individuals).

[1]: https://www.aph.gov.au/Parliamentary_Business/Committees/Joi...

Another correction: Atlassian has offices in Australia, but predominantly hosts their cloud services in the US and Europe.