Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Self-Hosting Git Repositories?

Posted by timothy on from the that-sounds-recursive dept.

mpol writes "We're all aware of PRISM and the NSA deals with software houses. Just today it was in the news that even Microsoft gives zero-day exploits to the NSA, who use them to prepare themselves, but also use the exploits to break into other systems. At my company we use Git with some private repositories. It's easy to draw the conclusion that git-hosting in the cloud, like Github or Bitbucket, will lead to sharing the sourcecode with the NSA. Self-hosting our Git repositories seems like a good and safe idea then. The question then becomes which software to use. It should be Open Source and under a Free License, that's for sure. Software like GitLab and GNU Savane seem good candidates. What other options are there, and how do they stack up against each other? What experience do people have with them?"

3 of 165 comments (clear)

  1. Re:White Hats & Ethical Hacking by stewsters · · Score: 2, Interesting

    I agree. Might as well sell the vulnerabilities, thats what m$ does.

  2. Re:Do you understand what Open Source means? by Anonymous Coward · · Score: 2, Interesting

    It's open to everyone. Not just the people you like.

    Arguing "the NSA having access to GitHub is a threat to Open Source" is arguing opening the source is a threat to Open Source.

    Come back when your paranoid fantasies at least resemble the reality I live in.

    Who are you even talking to? The article doesn't say anything about any threat to open source at all. He's talking about closed source code, stored on a third party repository, and has wisely decided that he'd rather just host it all himself. In order to do so, he'd like to use a management product which is open source.

    Reading comprehension- get some.

  3. Re:BS fatalism by Anonymous Coward · · Score: 2, Interesting

    You'd think that backdoors and such inserted by compilers etc would be found, but actually Ken Thompson successfully injected a backdoor into Unix early on via the PCC (Portable C Compiler) which allowed him access to ANY Unix system for a number of years. It spread to pretty much every system in existence and was never detected before he finally revealed its existence in order to demonstrate exactly my point.

    According to Ken Thompson it was built but never distributed. http://skeptics.stackexchange.com/questions/6386/was-the-c-compiler-trojan-horse-written-by-ken-thompson-ever-distributed