12

What the hell is wrong with using GitHub, or Git??? A client told me he’s concerned because it’s been, in his words, “compromised” and the admins can “see our code for troubleshooting purposes” and he doesn’t feel comfortable with that…🤨 like…no one wants this code my dude, like the fuck!?! We’re already using a skeleton project from someone else’s git, yet you don’t want this project on there??? Ooooor, is it because you don’t know how to use it??? Nor do you want to take the time to learn it??? 🤨 fuck boy. 😡😡😡😡😡😡🤬🤬🤬🤬🤬🤬🤬

Comments
  • 2
    Did he have a problem with git or GitHub?
  • 0
    @mr-user Both. He doesn’t like either of them. 🤦🏾‍♂️ Personally, don’t know if his git or hub was ever attacked; he only mentioned articles saying it was hacked…😑
  • 1
    @mr-user *By “git” I meant GitLab && GitHub. Just frustrated when writing this because I just spoke to him about it.
  • 2
    @DivSyntax please don't confuse services with a version control system. Git has nothing to do with GitLab, GitHub or Bitbucket or whatever.
    As GitHub is owned by an American organisation (called Microsoft) its service is by default compromised by several government projects and law.
  • 2
    I'm not saying the dude is not paranoid and that I don't have stuff on those services. But there is a difference and it might be a valid concern. You can use any server with ssh as a centralised push spot.

    Git itself is safe to use; any other distributed VCS will do in a pinch. It's ok to refuse work if you can't use any. They are in my opinion just as required as your editor.
  • 3
    and having your / their IT host a git server is not an option?
    that the client doesn't want company-owned code in the cloud of a 3rd party provider (even when the repo is not "public") is relatable.
  • 0
    I've done a bit of searching and there is a ton of bullshit blame-the-medium articles like this
    https://spectralops.io/blog/...

    All incidents are about publishing shit. Those incidents happened in the past with email, ftp, pastebin sites, Twitter, Facebook and collaboration tools like google docs.
    Putting sensitive information in anything but an encrypted file is the security error here.

    Unfortunately this kind of clickbait scares muggles away from good practices.
  • 0
    I beg your pardon? Did your client just get confused about git and GitHub?
  • 2
    Self-hosted Gitea instance. Pay only for infrastructure and little maintenance cost.
  • 3
    Microsoft stole all code on GitHub, including private, to resell in the form of snippets through Copilot. Combine this with the fact that they are a US-based company that doesn't have a warrant canary and it's easy to conclude that GitHub is compromised.

    Git on the other hand is just a data store. If you have access to the store, you have access to the data. Same as a folder.
  • 0
    And on-prem git servers are illegal there?
  • 0
    @lbfalvy any proof that they stole private code? For public it's not really "stealing" as it's something everyone can do
  • 0
    @dontbeevil But it was reported multiple times that even ones without license were used in training. It's a clear violation.
  • 0
    @vintprox ok then about public... Any proof about private?
  • 1
    @dontbeevil You have a point about private ones. It's a Schrödinger's cat situation. We're only left to believe or not to believe those who reported their private code leaking into Copilot's suggestions. Few footages show it, but I'm not one to say if they are genuine or not.
  • 0
    @dontbeevil No, selling code from public repos without a license is exactly as illegal as selling code from private repos. This isn't a fucking flea market we're talking about, this is Microsoft.

    Also I think they stated somewhere that they're taking code from all repos on GitHub indiscriminately.
  • 0
    @lbfalvy we clarified about the public ones, I'm waiting for the "stated somewhere" proof about private ones