第三方主机可以信任闭源/私有源代码管理吗？ [英] Can third party hosts be trusted for closed-source/private source code management?

问题描述

对于很多公司来说，他们的项目源代码对他们来说非常有价值 - 窃取源代码可能会非常昂贵。保持源代码在本地网络上的严格控制是帮助保护源代码的一种方法。

然而，在外部托管源代码有其优势，无论它是简单的颠覆还是在Dreamweaver上托管的git服务器，或像github或cvsdude这样的完整解决方案。

在大多数情况下，员工或其他内部人员可能会访问贵公司的完整源代码和历史记录，尽管可能这种风险相对较小。 / p>

这些真正的恐惧，还是公司不应该担心它们，而是利用第三方主机的优势？

是否有任何大型成功公司目前在其中一个第三方源代码管理网站上托管他们的私人存储库？解决方案

我认为这一切都取决于一个公司有多么舒适的外包。有许多常见的知识产权工作外包。这里有一些，以及知识产权风险： 开发：合同程序员可能知道很多关于您的IP的信息 $ b

主持人：您的网站主持人拥有您的所有代码

会计：会计师知道所有关于您的财务状况的详细信息。了解所有关于收购，预先提交的专利等的详细信息。

制造业：合同制造商拥有与生产产品相关的所有知识产权。 ：外包电子邮件为您的主机提供了一个包含您所有通信的单一数据库。

电话：您的电话公司可以监听您的电话。

实质上，源代码托管与将任何其他IP栈外包无异 - 除了它更新以外，人们没有时间去调整。每家公司都有不同的平衡，将外包的每个部分都外包，但事实是，你外包的每件事都是某个人窃取你的知识产权的机会。最终，它归结为找到一个值得信赖的供应商。即使是臭名昭着的偏执的苹果公司也找到了生产合作伙伴的硬件产品。商业。将存储库的托管服务外包一年可能花费2-3小时的开发人员时间;如果他在维护知识库的一年中花费的时间超过这个时间，那么你实质上已经损失了钱。 （即使他没有按小时收费，这也是真实的，因为在Twitter花费更多工作时间之前，你只需要在他的周末窃取他的许多周末）。

免责声明：我为ProjectLocker工作，一家托管公司的源代码。

For many companies, their project's source code is very valuable to them -- theft of the source code could be very costly. Keeping source code tightly controlled on a local network is one way to help protect it.

However, there are advantages to hosting source code externally, whether it is simply a subversion or git server hosted on dreamweaver, or a full solution like github or cvsdude.

In most of these cases, there is the possibility that an employee or other insider could access your company's full source code and history, although presumably this risk is relatively small.

Are these real fears, or should companies not worry about them and instead make use of the advantages of third party hosts?

Are there any large successful companies currently hosting their private repository on one of the third party source code management websites?

解决方案

I think it all depends on how much a firm is comfortable outsourcing. There are a lot of common IP work pieces to outsource. Here are some, along with the risks to IP:

• Development: Contract programmers may know a lot about your IP
• Hosting: Your Web host has all of your code
• Accounting: Accountants know all the details about your financials
• Legal: Attorneys know all the details about acquisitions, pre-filed patents, etc.
• Manufacturing: Contract manufacturers have all the IP related to producing your product
• Email: Outsourced email gives your host a single database with all your communications
• Telephony: Your telephone company could snoop on your lines

Essentially, source code hosting is no different than outsourcing any other piece of the IP stack -- except it's newer so people haven't had time to adjust. Every firm has a different balance of comfort outsourcing each part of the stack, but the reality is every thing you outsource is an opportunity for someone to steal your IP. Ultimately, it boils down to finding a trustworthy vendor. Even the notoriously paranoid Apple has found manufacturing partners to produce their hardware.

IMNSHO the reason to outsource source code hosting is the same reason a firm outsources anything: it's not their core business. Outsourcing the hosting of your repositories for a year might cost the same as 2-3 hours of a developer's time; if he spends more time than that in a year maintaining the repository, you have essentially lost money. (This is true even if he isn't paid by the hour because you only get to steal so many of his weekends before he takes the time back by spending more work time on Twitter).

Disclaimer: I work for ProjectLocker, a source code hosting firm.

这篇关于第三方主机可以信任闭源/私有源代码管理吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！