by there 6059 days ago
doesn't github provide a private, off-site option for this reason?

edit: http://fi.github.com/

Yeah, which is outrageously, painfully expensive:

http://fi.github.com/pricing.html

I'm not trying to have my cake and eat it too -- I recognize that there's a different risk profile to outsourcing hosting of any service compared with doing everything in-house. I just want to make sure I'm not veering too far off the tracks in this case.

How much would you be willing to pay? How about $3600.00? Would that be too much? Is it the per user cost of fi that is too much or just the overall cost? What if the $3600 included as many users/repos as you wanted (given your hd space) and 1 year of free upgrades?

How about $999.99 (same as Adobe Photoshop so it should only require middle management approval)? What if you got a box like the yellow google search box (it could be called the "premium version")?

An unknown factor in all this is how many companies would even be interested in buying a github server in the first place. If it isn't that many the costs might be too low to sustain development. I am betting that for the GitHub guys it makes a ton of sense for them to sell the private small accounts on github (and only manage/fix 1 github version), and for the big guys sell them a big package.

Fundamentally, we don't want any hardware on-premise at all. What we really want is some kind of real statement from the github guys that speaks to all of the issues raised here (encryption, theft, malicious injection, auditing, the "honeypot"/juicy target problem, etc?), as I suggest to PJ below.

I'm guessing that's not going to happen, so I suppose our options are the status quo, host in a less-conspicuous location and manage our own security (as best as one can in a hosted environment), or go with the crowd and seek safety in that quasi-anonymity.

We market (and price) GitHub:FI as our enterprise product specifically because we feel small to medium size companies should be using github.com.

If you and/or your partners need some help putting your mind at ease about hosting your code with us, feel free to email me directly at pj@github.com and I'll do my best to help.

I'd much rather see a public statement on these sorts of issues. The only thing I see on the site that is even remotely relevant is a one-liner on the plans page: "We make every possible attempt to never transmit your data unencrypted."

Presumably, the amount of proprietary code you will manage will only increase over time, perhaps remarkably so. It would be somewhat reassuring if I saw something that indicated that you take this stewardship seriously, rather than tossing off "best effort" one-liners.

You're absolutely correct, we have scraps of information about our security here and there, but no formal page spelling it out. Our security page will be located at http://github.com/security; expect it up within the next day or so.