

Ask HN: Should investors have access to source code and servers? - adventured

I&#x27;ve seen opinions go both directions on this topic. I&#x27;m very curious to hear HN&#x27;s input. It&#x27;s a situation I&#x27;m dealing with right now.<p>In a standard venture capital investment arrangement, should an investor be allowed to have a copy of the source code to a product (and or have open access to all code), and root access to the servers the business operates (whether owned or rented)?<p>I think primarily this is an arrangement to be settled between the investor and the company, but I&#x27;m interested in what&#x27;s considered normal practice.
======
MalcolmDiggs
I wouldn't even give the founder of the company root access unless he had a
legitimate reason to need it; let alone outside investors. That's a security
issue, and to a large extent you have to protect people from themselves
(carrying an SSH key on your laptop comes with a lot of responsibility that
that person might not be prepared to wield, or even understand).

Codebase, maybe; but that's because not-all projects have a convincing reason
to keep the codebase private in the first place. (Think single-page
applications where all the code is available to the browser anyway). If your
competitive edge is based on the particular construction of your codebase, or
you have some secret-sauce in there that is ahead of it's time (and not just
standard-practice kind of code) then you should treat that codebase like a
bank vault.

I'd err on the side of caution. Give speedy curated walkthroughs of the
codebase (so they can see it and do some due-diligence to make sure your
engineers are competent), then lock them back out.

------
Someone1234
More no than yes.

But what is an "investor" in this case? Can someone buy a 1% equity and then
walk away with your source code potentially worth significantly more than
that? That isn't rational.

If they /buy/ the company they get access to the source code naturally but why
would an investor? An investor is just staking capital for the chance that the
company's venture will do well. SOME might be investing for the chance that
the IP is worth a lot, and in that specific circumstance it might be rational
to give them limited access to the IP (so they can verify claims).

However I'd never let an investor walk off site with the code or email them a
copy of it to do with as they will. I would let them sit in a room and read
through the code or even have people on their behalf do the same. I'd also do
a code-review style thing where we talk through it together so they better
understand the IP/project. Naturally this would all come with appropriate non-
compete/NDA.

As to root access? HELL NO, that's insane. I don't even think programmers
should have root on production servers let alone fucking investors. The only
people who should have root are your system engineers (for maintenance) and
your deployment lead (so they can pull from the master and deploy to prod'
after it has hit test).

------
tptacek
Why would any real investor want your source code?

~~~
adventured
Here's the context after some discussion.

The investor in question is prominent, invests in a lot of companies, and owns
let's say 20% of the company. I own a controlling interest in the business as
the founder.

I've been out of contact lately with the investor, working on readying a
product. The concern was about me as it turns out, due to the lack of
communication. I play an integral role in the company and the product is my
vision.

The investor had been pretty chill about requiring constant updates, and I got
too relaxed about keeping that communication line where it should be. This is
something at times I'm bad at, I have a tendency to bury myself in something
and not come up for air for a long time.

So the request for source / server access was, in the investor's words, a
precaution. Without actually knowing something was wrong, I don't know that it
exactly justifies an investor having access to those assets directly, but it
sheds light on the thinking. Clearly I need to re-instill confidence there.

------
wmf
Source code escrow is something that has been debated for many years; some
people want it while others think source code is mostly useless without the
people who wrote it.

Root access: never. What would be the use case?

------
jpetersonmn
I personally would never agree to that. If you invest in my racing team, you
don't get keys to the car and get to park it in your garage when you feel like
it either.

~~~
faet
That was one of our selling points in college when trying to raise money for
the racing team. If you donated more than $1k you'd get to drive it in the
parking lot. $5k got you to drive it on the track.

------
compare
No, that's insane. Investors commonly invest in multiple competitors at once.
Not to mention that this is a huge security vulnerability to have this stuff
floating around the investor's office and on their personal computers.

Sad that some investors are so manipulative.

------
falsestprophet
Like everything else if the owners of the company vote to release the code,
yes otherwise no.

