
Ask HN: How secure are private Git repositories? - lma21
Would you use them to version sensitive data?<p>Would Gitlab&#x2F;Github have access to the underlying content&#x2F;history?<p>I wouldn’t use them to store passwords or banking-related information, though how about medical&#x2F;income&#x2F;taxation documents or information?
======
rvz
> Would you use them to version sensitive data?

If you are using a self-hosted version of Github or preferably GitLab then
yes. However, If you're on GitHub or GitLab's cloud version then it's not
secure and you have zero control, even if its private.

> Would Gitlab/Github have access to the underlying content/history?

Who knows. But the first answer tells you that you will have more control in a
self-hosted environment over a cloud based version and I wouldn't risk putting
sensitive data there unless I have complete control with a self-hosted open-
source version (GitLab).

> ...though how about medical/income/taxation documents or information?

Well that's very sensitive data equivalent to bank-level information, which
can be used as a reason for others to determine your job, insurance or loan
choices. Thus, should be treated as sensitive too.

~~~
lma21
You're right on the sensitivity of such data... better to go with a self-
hosted gitlab.

~~~
antoineMoPa
But if you fail to update it, you leave unpatched security holes. In practice,
using a cloud version could be better.

------
onebot
I have often wondered this myself. Considering if github was ever compromised,
could an attacker modify your source code without your knowledge. Seems like a
holy grail of attacks.

What would be interesting if there was some at-rest encryption and maybe some
audit functionality.

~~~
Znafon
You would notice, the hash of the commit would change and you would get an
error message in Git. If this is a vector attack your are worried about, you
should sign Git tags with your PGP key and then you would notice any change in
the history, each commit depends on its ancestors so signing a tag ensure no
older commit can be changed too.

~~~
colejohnson66
Hashes, while sometimes clumsy[0], are an advantage in this instance over,
say, SVN or CVS (which use monotonicly increasing commit IDs).

[0]: Every time I want to find a commit’s parent(s) in Git, I have to look up
the command (I don’t do it often), whereas in SVN I could just subtract one.

