Ask Slashdot: Self-Hosting Git Repositories?

mpol writes "We're all aware of PRISM and the NSA deals with software houses. Just today it was in the news that even Microsoft gives zero-day exploits to the NSA, who use them to prepare themselves, but also use the exploits to break into other systems. At my company we use Git with some private repositories. It's easy to draw the conclusion that git-hosting in the cloud, like Github or Bitbucket, will lead to sharing the sourcecode with the NSA. Self-hosting our Git repositories seems like a good and safe idea then. The question then becomes which software to use. It should be Open Source and under a Free License, that's for sure. Software like GitLab and GNU Savane seem good candidates. What other options are there, and how do they stack up against each other? What experience do people have with them?"

Re:If you don't want people to see the source...

1. To moderators: this is not a Troll. A misunderstanding, yes. A Troll, no. This leads us to...

2. To commentors: You don't need to insult somebody to correct them. Here's how:

Git repositories aren't necessarily OSS/FS. You can host proprietary software if you pay them.

Other Alternatives

[paskie]

You should clarify what are you after. Do you just need a place where to push + pull, or are you looking at something akin to the GitHub experience?

Aside of GitLab, also consider Gitorious. I'm not sure about how easy it would be to get GNU Savannah up and running, and Git is only a small part of what it does.

You can also find GitHub Enterprise interesting if you are ready to pay; I assume(!) it will call home to verify the licence though so making sure no stuff is sent to NSA may be tricky. ;-) Upside is minimal setup hassles for you.

You may also find the Girocco platform interesting (CGIs for project index + project management web interface, and gitweb; much smaller than the above-mentioned ones so you have a good chance to actually review all the code for yourself, but it's also more raw experience; disclaimer: I'm the main author of Girocco).

If you are fine with a simpler experience, you can simply use git-daemon (or purely SSH and git installed on the server), possibly gitolite to easily manage user access and gitweb/cgit for a web interface - there's no special magic, the Git repositories are just directories on the server.