

Ask YC: Is hosting your source code outside really secure? - pibefision

I'm seeing a lot of people who host code outside. Maybe to get additional functionality or as a backup solution.

If you are a small startup, and your code is your life because you worked so hard on it, is it really a good idea to host it outside? Using Lighthouse App, or any other service?
======
chaostheory
Given that:

1) Many programmers don't even bother to look at the source of open source
libraries and projects they use instead of just cargo culting

2) Code changes really often because of the never ending list of bugs and new
features

3) A lot of code (including some of my past work and probably some of yours)
is garbage (at any given point)

4) Even if your code isn't garbage, the guy looking at it may think it's
garbage

I wouldn't worry too much until your application gains in popularity

------
utnick
I would say in most cases it doesn't matter if it's secure because

A) The person breaking into the source code server isn't your competitor

B) Source code isn't the life of most web 2.0 startups. If I gave you the
source code to Twitter it wouldn't get you very far.

~~~
pibefision
B) What if we could get access to an early release of Basecamp?

------
secorp
I would first determine if your source code really warrants the effort needed
to keep it secure from prying eyes. We've evaluated several factors including
the source code, the service built leveraging that codebase, the people
involved in the execution, and the business plan that mixes everything
together. For us, in every scenario we could model the value generated by the
code was much higher if it were open-sourced.

For example, because the code is open to all, the developers are motivated to
produce much better documentation and testing harnesses, usually before they
actually do the code itself - internal costs go down. This pays for itself
many times over in time saved during debugging and deployment.

Another example is that we've received a lot of critical peer review of our
code which has helped us catch and fix flaws in our security and design -
internal costs go down, public perception of security becomes positive.

In my experience and market research, it is nearly always the execution of the
business that significantly outweighs any super-secret Python methods I may
have thought were cool at 2am :)

------
wheels
Your users are your life. Your source code is an implementation detail. :-)

Most Web 2.0-ish startups aren't doing a lot of really tricky stuff behind the
scenes (i.e. you can kind of guess what the implementation is like most of the
time anyway) and most commercial competitors aren't going to be dumb enough to
risk the legal implications of stealing your code. The chances of you losing
your work because you didn't have an off-site backup are infinitely higher
than you losing it because a competitor steals it and uses it against you.

That said, since I already had a VCS set up here, and have a little of The
Paranoia too, we use a local server for version control and then do a GPG
encrypted backup offsite.
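
The local-repository-plus-encrypted-offsite-backup arrangement described in the comment above, as an added example that is not part of the original thread. It assumes git as the VCS and symmetric GPG encryption with a passphrase file (the comment names neither); `backup_repo` and `restore_check` are hypothetical names, and the upload step is left to whatever offsite host is used.

```shell
#!/bin/sh
# Added example: snapshot a local git repository and encrypt the snapshot
# before it leaves the machine, so the offsite host only ever holds ciphertext.
# Assumptions: git, GnuPG 2.1+, a passphrase file readable only by its owner.

# backup_repo REPO OUTDIR PASSFILE  -> prints the path of the encrypted bundle
# OUTDIR must be an absolute path.
backup_repo() {
    repo=$1; outdir=$2; passfile=$3
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    bundle="$outdir/repo-$stamp.bundle"
    # A bundle packs every ref and object into a single file.
    git -C "$repo" bundle create "$bundle" --all >/dev/null 2>&1 || return 1
    # Refuse to ship a snapshot that git itself cannot read back.
    git -C "$repo" bundle verify "$bundle" >/dev/null 2>&1 || return 1
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" --cipher-algo AES256 \
        --output "$bundle.gpg" --symmetric "$bundle" || return 1
    rm -f "$bundle"            # keep only the ciphertext in OUTDIR
    printf '%s\n' "$bundle.gpg"
}

# restore_check ENCRYPTED PASSFILE WORKDIR -> prints HEAD of the restored clone
# A backup that has never been restored is untested; run this periodically.
restore_check() {
    enc=$1; passfile=$2; work=$3
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" \
        --output "$work/restored.bundle" --decrypt "$enc" || return 1
    git clone --quiet "$work/restored.bundle" "$work/clone" 2>/dev/null || return 1
    git -C "$work/clone" rev-parse HEAD
}

# Usage (paths are placeholders):
#   enc=$(backup_repo /srv/vcs/project /var/backups/vcs /root/.backup-pass)
#   then copy "$enc" to the offsite host with the tool of your choice.
```

The passphrase file never goes offsite with the backup; losing it makes the ciphertext unrecoverable, so it needs its own separate copy.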

------
pius
Lighthouse is actually for issue tracking. The company that makes Lighthouse
also makes Warehouse, a similarly elegant system that developers install on
their own servers.

~~~
pibefision
Thanks! I didn't notice that.

------
chrisbroadfoot
I'm curious about what you mean by security. Are you afraid that your host
will steal/look at your data, or other external baddies?

If it's external baddies, then yes, I suppose that's something to be concerned
about... If you're the only developer, or you only need an internal repository
(i.e. on a LAN) then I'd just host it locally and back up regularly to a
secure host.

------
aschobel
What size team? If you are only one person then have a local svn repository
and backup to S3.

------
Hates_
This is something I have recently been very curious about. The services
offered by Beanstalk and Github are very alluring.

~~~
pibefision
Fine! I'm not the only one! :)

------
anamax
Are you worried that someone might copy your code or that your code might
become inaccessible to you?

~~~
pibefision
I'm worried about someone accessing my code.

------
xenoterracide
Well... if you are sharing the code with the world, does it matter? Unless you
are worried it will get corrupted. Use git with your co-founders/employees if
you are worried about it being stolen.

------
blender
We use cvsdude.com.

Commenting from my Nokia N810 :-)

------
edw519
Why not keep your source code local and upload only the object code to your
host?

~~~
Hates_
Wouldn't that defeat the point of using SCM?

~~~
edw519
Which is most important to you?

