undefined | Better HN

0 pointsfps9y ago0 comments

We have about 100 private repos at the moment, including internal tools, branding related components, infrastructure code and pre-release stuff that we're not developing in the open. We may just move those to AWS code commit, gitlab or gogs and switch back to a free org.

0 comments

sytse9y ago

You're very welcome to switch to GitLab.com, we are free forever https://about.gitlab.com/gitlab-com/#why-gitlab-com-will-be-... and it can import directly from GitHub.

puddintane9y ago

GitLab CE (Community Edition is Free) and is truly great we use it in our own internal software development process.

However for a bigger enterprise they require more functionality here is a comparison of the differences between the Community and Enterprise Editions.

https://about.gitlab.com/features/#compare

Several pricing options for EE but essentially the base cost is $39 /year per user.

https://about.gitlab.com/pricing/

gpm9y ago

gitlab.com runs EE though doesn't it? You only need to pay if you want self hosted EE.

2 more replies

X-Istence9y ago

You are replying to the CEO of Gitlab... :P

1 more reply

dano9y ago

Is gitlab still using MySQL or its variants behind the scenes?

mayli9y ago

The gitlab import is really SLOW and there is no clear indication of the progress. Try to import https://github.com/torvalds/linux.git, it takes forever.

Q6T46nT668w6i3m9y ago

FWIW, I work for an academic non-profit and we use public repositories with an appropriate LICENSE. We like it because we don't need to manage read permissions.

woah9y ago

What kind of bad things will happen if people are able to see what you are doing?

BHSPitMonkey9y ago

Your first comment stated the problem was your large number of non-employee contributors. You said in another comment that non-employees don't contribute to your private repos.

I don't see the problem here. Your employees will have access to your private repos, and the volunteers will not (thus you won't be paying for their seats).

VLM9y ago

"that we're not developing in the open"

Honest question... why?

I totally understand the mindset of "gotta go all secret squirrel to protect our profits" but if your org isn't in it for the profits there's not much to protect?

I have seen examples of people performing very naughty acts like private repos to hold plain text passwords, plain text cloud service keys, plain text corporate credit card numbers for expense payments, etc.

__jal9y ago

There are a ton of reasons not to develop in the open, no matter what your structure.

- You're experimenting - You don't want comments from the peanut gallery while things are in progress - It is not for external use, specific to an institution or project, or otherwise nobody else will care - It deals with something sensitive - You've made an agreement with someone else that requires it - etc. etc. etc.

People seem to have weird notions about nonprofits. Your tax structure doesn't change the fact that you operate in a world of other human beings.

fpsOP9y ago

mostly these reasons. We also want to make sure that code we open source is properly documented, has appropriate functional tests, and is useful outside of our organization. Our typical workflow is to build a POC, then an MVP, then build out documentation and unit tests.

geofft9y ago

Non-profit organizations still have a mission that they need to protect, and they almost always have revenue they care about, though not profit.

Private repos are a good way to review code for things like plaintext passwords and service keys before it's in production. If a developer commits something with a key, and code review goes "Oh, you shouldn't have put that there," and it was public, now you have to rekey. Private repos allow that code review step to take place.

(They're also pretty useful for legacy code where eliminating all the private keys is difficult and not an immediate priority, and for the rare but existent cases where including private keys in source is the right engineering tradeoff for new development.)

There's also no way to disable pull requests and other outside comments on your code, other than making a private repo. Having it private is a simple way to avoid inviting the public to have opinions all over your repo.

slantyyz9y ago

My first job out of university was at a not-for-profit, and it is a surprisingly cut-throat sector.

We had two main competitors in our space, and while the ultimate goal for everyone including our competitors was to do a common good, we were competing for a limited pool of donation dollars.

Because of that, sharing any intellectual property that made us better at what we did (i.e., raise more money, hire more staff, fund more initiatives) could result in a competitor using that same IP to put us out of business.

I get that in the big picture, it's not the way things should be done, but in the small picture, you're usually talking about individuals with their own agendas.

j / k navigate · click thread line to collapse