undefined | Better HN

0 pointschimeracoder12y ago0 comments

If you're talking about for company projects, the enterprise version of Github is self-hosted (e.g. on a VPN): https://enterprise.github.com/

0 comments

ProAm12y ago

People shouldn't trust the cloud for important source storage. Always self-host anything you want to keep private.

VBprogrammer12y ago

I'm pretty sure many more codebases have been lost through failures to secure internal networks by corporate IT departments than through vulnerabilities in cloud hosting providers.

ProAm12y ago

I agree. I was speaking more about security than we blew up our own code repository. Everyone has the ability to light their own house on fire.

1 more reply

count12y ago

'People' shouldn't 'trust' anything.

Verify.

Important storage can be done 'in the cloud', but you need to audit and verify the cloud vendor is providing the proper controls. Just like you need to do 'privately'.

cenhyperion12y ago

For code projects that are between me and a couple of other devs, none of whom are infrastructure security experts, I trust a company like Github a lot more than one of us trying to hack something together on a server.

jethro_tell12y ago

With the exception that if you have three guys hacking something together a dedicated server or a box off your cable modem, with git tunneled over ssh using keys and a proper firewall, you'd probably be miles ahead. That might take you an afternoon to set up with almost no experience.

Not to say that it couldn't be compromised, but your not a target like github might be. If you're working with an enterprise level project with more complex auth and access methods, more users, performance and scaling needs, you'd need a real security implementation.

ersii12y ago

There's plenty of companies/enterprises that use regular Github private repositories though.

j / k navigate · click thread line to collapse

0 comments

ProAm12y ago

People shouldn't trust the cloud for important source storage. Always self-host anything you want to keep private.

VBprogrammer12y ago

I'm pretty sure many more codebases have been lost through failures to secure internal networks by corporate IT departments than through vulnerabilities in cloud hosting providers.

ProAm12y ago

I agree. I was speaking more about security than we blew up our own code repository. Everyone has the ability to light their own house on fire.

1 more reply

count12y ago

'People' shouldn't 'trust' anything.

Verify.

Important storage can be done 'in the cloud', but you need to audit and verify the cloud vendor is providing the proper controls. Just like you need to do 'privately'.

cenhyperion12y ago

jethro_tell12y ago

ersii12y ago

There's plenty of companies/enterprises that use regular Github private repositories though.

j / k navigate · click thread line to collapse