
Show HN: Codekeeper – Source Code Escrow for Developers - ddewit
http://www.codekeeper.co
======
cyberferret
Source code escrow is a great service, and one that ALL developers who do
client contract work should look into. I've been creating bespoke software for
business clients for nearly 30 years now as a one man business, and I have a
clause in all my development contracts that stipulates should I pass on or my
business ceases to exist, that full source code is released to my clients so
they can engage another programmer to maintain those projects.

However, I do think the current pricing is quite high when given the expected
timeframes that this sort of service can have. For example, I have one client
where I have had their software in escrow with a local lawyer now for over 20
years! I believe my lawyer only charged me < $500 for the drafting of the
contract way back then, and I've never seen a bill from him in 2 decades now
for the CD of code that he has in his safe somewhere.

Mind you, that CD would be totally out of date now, with the incremental
changes that I have made to the system over the years, and I have no real
guarantee that the CD _is_ in fact still in a safe somewhere as I have not
spoken to my lawyer about this in some years.

That's why I think that this Codekeeper service is a good thing, as it always
ensures your latest code is available. But the drawback are:

1\. Is this service still going to be around in 10+ years? 2\. The cost per
month is still quite high. Given my project I mentioned above, it would have
cost me $11760 to date to have my source code in escrow. If I am going to be
around for another 10 years, then that is going to cost me another ~$6000.

I could conceivably pass those costs on to my customers, but then that is
another thing I have to track and ensure they are billed etc.

~~~
shirakawasuna
One of the issues is that responsibility for maintaining the integrity of the
code is 100% on the seller's side. Like you said, if you used this service, it
would become extremely expensive over the long term. Since the purpose is to
give clients value in the case that you're unable to continue providing
service, why not give them an encrypted version of the code and make the key
the failsafe? There still has to be trust, but then the client gets to choose
the cost of maintaining that code snapshot.

~~~
ddewit
You are right it's exactly the combination of ongoing snapshots and the need
to only provide access when there's a verified release event. We try to
provide that balance.

We also do verification, but that's mainly when there is 'less than optimal'
trust between the developer and the licensee.

------
lowlevel
Maybe I’m just a dummy but you should probably explain source code escrow as
the first topic in your faq. I _think_ I know what it entails but Im making a
lot of assumptions...

~~~
ddewit
Good point! We'll add that to the site. Thank you!

------
ddewit
We created Codekeeper so you can now easily comply with escrow requirements
from your enterprise and government clients, and more importantly, to help you
close deals with those clients quicker.

Being developers ourselves it’s designed to keep your life easy and works in
pair with Github, Bitbucket and the other SCM platforms.

We’d love to hear your thoughts and suggestions to make it fit even better
inside your development or software business.

Cheers!

~~~
heelhook
How are you guys planning on marketing this, if you don’t mind me asking?

Are you using smart contracts to power this?

Congratulations on shipping this! It looks like a very compelling offering!

~~~
ddewit
Thanks!

Yes smart contracts are on our roadmap.

Marketing wise, we have several distribution channels that help us out at the
moment. If you have ideas we'd be happy to hear them.

------
jake_morrison
Too expensive.

Make a source code release and encrypt it. Put it somewhere accessible to the
customer, e.g. an S3 bucket owned by them. Arrange for the key to be given to
the customer under the terms of the escrow agreement, e.g. send a letter to
your lawyer with the terms of release and the key.

I can see value in having someone handle this for me, with a nice UI. It's
fundamentally a clerical job, though, with some legal process /
responsibility. So $50/month is already a fair amount, to say nothing of
$1000.

~~~
ddewit
The ongoing deposits are the main issue which we automate for the client.
Imagine doing what you describe for 50 repo's.

That would make you unhappy quickly. Also the lawyer would not do this for
free.

I guess it's a matter of finding the right balance between cost and
convenience.

------
syllogism
The killer feature you should add is support for hosting an API, for trial
usage. The escrow service would affirm that the trial API endpoint was
produced by hosting a container on a given instance size.

The client then knows that the solution works and is runnable. The integration
onus is then on the client, because the software has passed inspection before
delivery.

