

What are the normal steps to keep repo safe after hiring freelancer programmers? - alexdelarge

I'm looking to tryout a few freelancers and see if they can come through and if so then hire them for more work. What's the normal way to go about working with another programmer and still keep my app safe?<p>Would I just add him as a contributor on github? And then be able to revert anything damaging that he commits?? Or would he fork my private repo and then push commits to me? I've only used github to just push commits and then push to heroku so I'm confused as to how to keep this all safe while still working together.<p>Also does a freelancer programmer push to my heroku site or does he create his own?<p>Thanks!
======
bartonfink
Part of the hiring process, whether a freelancer or a full-time-employee,
involves an implicit degree of trust. Access to SCM is one way to demonstrate
that trust. Without SCM, your freelancer isn't going to be able to see what he
needs to work with (read) or integrate work with your codebase (write). If you
don't trust a person with that level of access, you probably shouldn't be
hiring them.

One thing I've found particularly helpful as a freelancer is the ability to
work on isolated projects as opposed to ongoing development. Companies hire me
because they have some functionality or enhancement in mind that they'd like
to have, but all their regular developers are tied up with other activities.
At a certain pain point, those enhancements are worth bringing a freelancer
onboard but not quite worth hiring another employee.

What, if you don't mind me asking, do you need done? If you're looking to try
out freelancers and don't have anyone in mind, I'd like to talk.

~~~
alexdelarge
I need someone who knows ruby/rails very well and can help me iron out some
features. Nothing that difficult, something such as adding comments to posts,
or a favorites system for user's posts. And some help with gem support like
sunspot for solr. I'd like someone quite versed in ruby/rails so that these
features can be banged out pretty quickly and without any problems.

------
yid
Repo access is essentially copying your source tree to a USB stick and giving
it to someone.

If your code is that sensitive, split it into modules that communicate over a
well-defined API, and keep the sensitive parts to yourself.

Otherwise, a little trust goes a long way, especially when there's really
nothing effective you can do about it.

