by mbrubeck 6059 days ago
Fortunately, reliability isn't that much of an issue for distributed source control. On the few occasions when GitHub has had an extended outage, we just put up a temporary shared repository on a random server and everyone pushed/pulled from that until the outage was over.

For security, it depends on just how much security you think you need for your source code. What's the attack model? Do you have competitors who have so much to gain from reading your code that they'd risk industrial espionage? Is there sensitive data checked into your source control that would put you at risk if there were an accidental leak?

Personally, I don't think anyone has much to gain from reading my company's source code. GitHub has much more to lose from a privacy breach than most individual customers, so they have the best incentive to secure their systems. They also probably know more than I do about keeping the repositories secure. On the other hand, if I had an exceptional need for security, I'd want to hire an expert myself and keep full control over the servers and processes.


I wouldn't say we have an exceptional need for security, but we do have reservations about dropping the only thing that has any real value in our company right now into what looks like a helluva honey pot.

I'm not sure I can even properly enumerate the risks -- if I could, I'd be able to make a calculation pretty easily. Espionage seems absurd, but who am I to say that that's not a possibility?

That said, we're getting by by cutting back on our extraneous costs, which means exactly the opposite of "hire someone ourselves and keep full control".

Definitely seems overly paranoid to me. The real value that your company has is in your brains. The things you've learned about your customers can never be fully captured in source code. Especially considering there's no real potential for loss of the code, only exposure, I'd say the tradeoffs are worth it.
Your people and their knowledge have real value. The code alone has limited value to anyone else, without the associated expertise. And if it does leak, normal legal protections can mitigate the damage. (For example, the threat of a copyright or trade secret lawsuit may be enough to keep competitors from using or even looking at your code without permission, depending on who they are.) On the other hand, accidental breaches do happen (whether outsourced or self-hosted), so you should probably keep your secret keys and passwords even more protected than your source repository.
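The closing advice above, that keys and passwords deserve stronger protection than the repository itself, is the one control a small team can put in place regardless of where the code is hosted: keep secrets out of version control in the first place. The following is an added example, not code from the thread or from GitHub. It is a minimal pre-commit secret scanner that reads a unified diff of staged changes, checks only the added lines, and flags a few well-known patterns plus high-entropy literals. The rule set, the entropy threshold, and the sample diff are all assumptions made for illustration (the AWS key in it is Amazon's documented placeholder value).

```python
#!/usr/bin/env python3
"""Pre-commit hook: refuse commits that add likely secrets.

Added example, not from the original thread. Install by pointing
.git/hooks/pre-commit at this file; it exits non-zero on any finding.
"""
import math
import re
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass

# Assumed rule set for illustration; extend per codebase.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # NAME = "literal" style assignments with a suspicious name and a
    # literal of at least 8 chars; reading from the environment does not match.
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
# Bare tokens this long with high entropy are treated as probable credentials.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")
ENTROPY_THRESHOLD = 4.5  # bits per character; assumption, tune for false positives


@dataclass
class Finding:
    path: str
    line_no: int
    rule: str
    text: str


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_diff(diff_text: str) -> list:
    """Return Findings for secrets on added ('+') lines of a unified diff.

    Removed lines are ignored: they do not land in the repository.
    Line numbers are taken from the '+' side of each hunk header.
    """
    findings = []
    path, line_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("--- "):
            continue
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) if m else 0
        elif raw.startswith("+"):
            line = raw[1:]
            for name, rx in RULES.items():
                if rx.search(line):
                    findings.append(Finding(path, line_no, name, line.strip()))
                    break
            else:
                for tok in TOKEN_RE.findall(line):
                    if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                        findings.append(Finding(path, line_no, "high_entropy_string", line.strip()))
                        break
            line_no += 1
        elif raw.startswith(" "):
            line_no += 1  # unchanged context line
        # 'diff --git', 'index', '-' removals and '\ No newline' carry no new content
    return findings


def staged_diff() -> str:
    """Diff of what is about to be committed (real git call; not used by the test)."""
    return subprocess.run(["git", "diff", "--cached", "--no-color"],
                          capture_output=True, text=True, check=True).stdout


# Constructed sample diff for demonstration (not a real commit).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,6 @@
 import os
-DB_PASSWORD = "hunter2hunter2"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_SIGNING_KEY = "3k9Qx7Lm2ZpR4vW8tBn6Jy1HdC5FgA0SeU"
+api_key = "sk_live_not_a_real_key_123"
 DEBUG = False
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA...
"""


def main(diff_text: str = None) -> int:
    findings = scan_diff(staged_diff() if diff_text is None else diff_text)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.rule}: {f.text}", file=sys.stderr)
    if findings:
        print("commit blocked: move secrets to the environment or a secret store", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(SAMPLE_DIFF if "--demo" in sys.argv else None))
```

Run with `--demo` to scan the embedded sample; without it the hook scans `git diff --cached`. The scanner deliberately skips removed lines and lines that read a value from the environment, so replacing a hardcoded password with `os.environ[...]` passes while the added AWS key, the long random-looking literal, the `api_key` assignment and the PEM header are each reported once with their new-side line numbers.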