
GitHub is apparently in crisis again - walterbell
http://www.businessinsider.com/github-identity-crisis-2016-2
======
devinus
I've been on GitHub since the earliest days, and I've definitely noticed that
there's something going on -- or the lack of _anything_ going on more like it.

When was the last time a big feature that people are actually clamoring for
was added to GitHub (and let's not pretend LFS fits that description)?
Meanwhile you have the maintainers of the most popular projects publicly
begging for changes they've been waiting years for, startups like ZenHub
innovating on TOP of GitHub in the form of _browser extensions_ , and then
startups like GitLab poised to eat GitHub's lunch as soon as they figure out
how to capture the social aspect.

I'm not sure what GitHub is spending the money on, but it sure as hell isn't
on the core platform itself or keeping it's most active users happy.

~~~
seiji
The trick is, I think GitHub stopped being a software company. At some point
(after Tom left), GitHub was taken over by finance people to just pump money
out of the VC system. Is there any other explanation for why GitHub The
Corporation has completely stopped interacting with GitHub The Community?

GitHub raised $250 million last year and, as you mentioned, there's nothing
externally visible to show for it (as consumers of their public platform).
(random guess: the $250 million could have been $150-$200 million in cashing
out stock to individuals (like crooked groupon shenanigans) then maybe $50
million for operations? How many billions of dollars does it take to write an
issue tracker with more features than redmine from ten years ago?)

Same comments were making the rounds months ago too:
[https://news.ycombinator.com/item?id=10165681#up_10166913](https://news.ycombinator.com/item?id=10165681#up_10166913)

All this gets back to a bigger trend we see these days: closed platforms are
like governments (google, apple, github, twitter). We don't allow (sane,
first-world) governments to exist without citizen representation. We must
demand user-level representation in corporations running global scale closed
platforms everybody relies on. Community powered social platforms don't exist
without the community, and private corporations exercising extended "we don't
give a crap about the users even though we have millions (or hundreds of
millions) of them" patterns must be... corrected.

No Computation Without Representation.

~~~
forgotpwtomain
> GitHub raised $250 million last year and, as you mentioned, there's nothing
> externally visible to show for it

I completely agree, I've never been able to take github seriously as a GUI --
(e.g. there is still no way to search commits).

> All this gets back to a bigger trend we see these days: closed platforms are
> like governments (google, apple, github, twitter).

I don't think it's the same to include Github into these, the main facility
provided by github is simply a centralized host for your git repo, Git is FOSS
and there are a number of alternatives.

~~~
sdesol
> there is still no way to search commits

Just an FYI. I've implemented commits search among other things for GitHub.
You can learn more about it here:

[http://gitsense.github.io/](http://gitsense.github.io/)

Note the latest GitSense version doesn't include branch level code searching.
I'm still testing this out, and I'll be releasing another GitSense update very
soon, which also includes support for BitBucket.

And sometime next week, I'm going to start looking for beta testers for my
indexing engine, which is what makes all of this possible. If you have 10,000
or less commits in your repository, you'll be able to install and use the
indexing engine for free. However the free version won't include diff
indexing, as that greatly increases the number of moving parts.

~~~
alphapapa
I don't want to pooh-pooh anyone's hard work--please don't misunderstand me--
but I am legitimately curious: why put so much effort into building a house of
cards upon a foundation of shifting sand? Your project is completely dependent
on GitHub's reliability, integrity, and goodwill. It could implement its own
version of your enhancements and render yours obsolete. Arguably, it _should_
do that, because what's the point of relegating useful enhancements to third-
party products?

So doesn't that mean that your project is living on borrowed time? Why not
build upon an open platform instead, one that you can control, one that can't
be ripped out from under you?

Again, I don't mean this as criticism, I'm just very curious, because I don't
understand.

~~~
sdesol
You have a valid point, but what isn't obvious is my technology isn't really
dependent on GitHub. The only thing that can cripple me is Git becoming less
vogue. There are two parts to my technology:

\- There is the front end which is 100% JavaScript and this is important since
it allows me to build on top of existing web solutions like GitHub

\- There is the indexing engine which was insanely hard to develop and is what
makes my solution unique.

I've attached some screenshots that shows how I'm using my JavaScript
technology to integrate with Bitbucket here:

[http://imgur.com/a/7AME6](http://imgur.com/a/7AME6)

I've also uploaded some screenshots that shows how I monitor/manage indexing.
Right now, my indexing engine can easily process 10s of thousands of
repositories with millions of branches on a single machine. The indexers are
designed to scale horizontally and developing them was insanely hard and
that's what I'm really selling. There is a reason why GitHub stopped indexing
commits a few years ago. And why Bitbucket has a 5 year old ticket about code
searching:

[https://bitbucket.org/site/master/issues/2874/ability-to-
sea...](https://bitbucket.org/site/master/issues/2874/ability-to-search-
source-code-bb-39)

Should the worst happen and I get shut out by GitHub and Atlassian, there is
always GitLab, Gogs, etc. For now, I'm more than happy to build on top of
GitHub and ensuring my solution works with their Enterprise offering.

~~~
kannonboy
Nice one! Looks very slick. I'm a dev attached to Bitbucket, I'm curious if
you've seen the Bitbucket Connect framework:

[https://developer.atlassian.com/bitbucket/guides/getting-
sta...](https://developer.atlassian.com/bitbucket/guides/getting-started.html)

The browser extension is nifty, but Connect provides a proper API for
embedding custom views in the Bitbucket UI if you want something a bit more
robust (i.e. it will still work even if we decide to change the DOM at some
point in the future).

~~~
sdesol
I looked at Bitbucket Connect, but it looks like everything is done via iframe
for obvious security reasons. This doesn't appear to be the case with
Bitbucket server.

Somebody from Atlassian has reached out to me and I'll get back to them next
week to see what can be done to get this working with the Connect framework.

------
GreaterFool
I love GitHub but IMHO GitHub could use a bit of a shake up.

* Code browsing is terrible and without `octotree` I don't know what I would do.

* Organization view is a joke; once you have 50 repos, good luck finding anything there.

* There is no way of managing anything on higher level, only per repo. I can live with that but there are people who want to track issues across the projects. And then one ends up with JIRA for issue tracking (the horror!).

* Edit: code search is also a joke or even an insult

After all these years in business, GitHub website doesn't offer any insights
into your git repo over git command line and is probably worse than command
line for many use cases. That is simply disappointing.

~~~
reustle
> Code search is also a joke or even an insult

Oh give me a break and get over yourself. An insult? Are you serious?

~~~
imron
Not having a case sensitive search option for codesbases that are often case
sensitive is definitely a special kind of cruel joke.

------
PhilWright
I don't understand why this is an issue for the current employees. Surely you
hire a bunch of sales people and a bunch of consultants to help with on-
boarding/support and place them in a separate floor or building. They don't
really need to interact with developers.

The 'brogrammers' just carry on as normal and some of their work is now adding
features to help support enterprise requirements. Unless your sitting a cold
calling sales rep next to my desk then who cares? Someone has to pay for that
foosball table and fridge full of beers, let the sales people on a different
floor do their job.

~~~
zippergz
Enterprise sales people can make a habit of selling things that the product
can't currently do, and then forcing engineering to make it a reality on a
compressed timeline because "this is a deal we can't afford to lose."
Repeatedly. No idea if that's happeing at GitHub, but I've seen it happen a
few other places, and it sucks for the engineering and product teams even if
the sales people are in a different state.

In a similar vein, enterprise customers tend to want different things than
smaller customers do. This means that the features the teams have to work on
will change, and some people may not be as interested in working on stuff they
have no interest in using themselves.

~~~
linkregister
> sales people can make a habit of selling things that the product can't
> currently do

Maybe this is a trope from the 90s and 2000s or from a Scott Adams cartoon,
but I disagree this is representative of most enterprise sales these days.
Maybe I'm just spoiled, but every company I've worked at the past decade has
had a knowledgeable sales force. I've been asked plenty of times, "can you add
this feature for a huge customer?" and been able to say "no, that is not
realistic for us to complete in a reasonable amount of time."

~~~
bmelton
I think that overselling is a trait of young companies, really.

Every sale matters when you don't have customers, and if it means a little
back-breaking work to get that first bit of revenue, I know very few companies
with the fortitude to say 'No'.

Once the product has established a foothold, reputation, or repeatable sales
process that works, product managers get an idea of exactly what it is that
customers want, and across more than one data point. From that, they're able
to communicate the exact value they provide to the sales team, and that sales
team is able to approach customers with an actual, legitimate, proven value
proposition.

It isn't until the product team really knows what they have that those
requests become easier to turn down.

(Or at least, that's been my experience.)

------
wushupork
You can't have it both ways. If you raise money from VCs, their expectation is
to have a huge return. Things that have worked when you are a small startup
will not work when you get bigger in order to grow enterprise revenues. If
those people really wanted it to be "the way it was" then raising money goes
counter to that.

------
financedfuture
This isn't surprising. I'm gonna generalize:

Without VC money, startups are led by "culture" (i.e. collective personality
and desires of each member of the team). It has amazing results in the long-
term.

With VC money, startups replace their culture (seen as irrelevant) by short-
term expectations. Pressure , competition and hierarchy are built. Good for
short/medium-term valuation. Terrible for long-term commitment.

------
jrochkind1
This seems to be just re-reporting an article linked to, which is behind a
paywall. Anyone have it? [https://www.theinformation.com/what-happened-at-
github?token...](https://www.theinformation.com/what-happened-at-
github?token=6052af97be40ce21584f311dbe192252692ba45a)

The actual OP article at the top of this HN post doesn't have too much
information. It is not new information (or at all unexpected) that there is
some internal tension in GitHub over the companies growth. If it's a "crisis"
now I'm curious, but the linked article does not provide much to back that up
-- sounds like the paywall'd article might? The actual linked article is
useless.

~~~
gohrt
It's BusinessInsider, an SEO-clickbait operation. It's the HuffPo meets the
Sun of Uber.

------
steven777400
GitHub has to have revenue to continue to operate. I'd rather GitHub go down
the road of enterprise and other paid contracts, rather than going down the
road of becoming SourceForge and all the ickiness that that entailed.

~~~
stalcottsmith
I wish they would be happy to service accounts like mine at $100/month. I
prune all the time to stay on my grandfathered plan and not get bumped to
$300/month. That said, we are moving most of our private repos which do not
require outside collaborators to our self-hosted gitlab. Bonus -- gitlab comes
with CI! -- another product I can skip paying XXX/month for. Lest you think we
free ride, we've made substantial contributions to gitlab through our paid
open source internships.

~~~
sytse
Thanks for contributing to GitLab. Glad to hear you like CI

------
bjacks
Has anyone noticed that the GitHub reviews on Glassdoor.com only start from
May 19th, 2015? Have they been deleting bad reviews? Seems really suspicious.

[https://www.glassdoor.com/Reviews/GitHub-
Reviews-E671945_P3....](https://www.glassdoor.com/Reviews/GitHub-
Reviews-E671945_P3.htm?sort.sortType=RD&sort.ascending=false&filter.employmentStatus=REGULAR&filter.employmentStatus=PART_TIME&filter.employmentStatus=UNKNOWN)

~~~
deadHorse
No, I did not notice that. And that's because glassdoor is such a whiney
bitch-fest that being on that site sucks _even harder_ than wading through the
dogshit on linked in.

Here's your average glassdoor post:

    
    
      Weh! Weh weh weh weh weh! Mih mih mih! Boo hoo! Poopy!
    

Besides, every one knows that a good PR department will just spam the living
shit out of a site like that, and bury negative posts. It's glassdoor's entire
business model. And that's certainly something any a-list website can afford
to do. All it costs is a handlful for copy editors and some thirdworld
developer salaries.

~~~
catfest
It does look a little strange that there are entries actually _missing_ though
- that's quite different to being buried.

~~~
randycupertino
Glassdoor removes negative reviews if you advertise with them. Also if you
know the right people who work there (source: my current bosses friend from
college works there, and he was bragging to me about how he got them to pull
all our negative reviews. One of which I wrote).

~~~
Lawtonfogle
>Glassdoor removes negative reviews if you ~~advertise with~~ bribe them.

Six of one, half a dozen of another.

------
dexwiz
Git is a steps away from being decried as "monoculture". Everything is on
github because everyone uses it, and everyone uses it because everything is on
github. Github won for a few reasons.

Their only real competitors were Bitbucket (which was originally Mercurial and
was late to the git party) and Google Code (which was taken to pasture along
with Wave and Reader). Bitbucket is not targeted at individual users. It is
targeted at teams and companies. Atlassian has played in the small
business/enterprise market for a while. As evidence by Atlassians "defeat" of
FogBugz. [http://movingfulcrum.com/why-fogbugz-lost-to-
jira/](http://movingfulcrum.com/why-fogbugz-lost-to-jira/) Google just kind of
gave up on Google Code and closed the doors because it wasn't the biggest kid
in the playroom.

Also the explosion of repo/package tools (Bundler, npm, cargo) and automation
lead people towards browsing repos instead of static assets. Github provides a
ton of tools to deploy to package managers like npm or PaaS's like Heroku dead
easy. Github is not just a code repo, but a base for Continuous
Deployment/Integration. "

Github would benifit from the platform route over the software route. A cloud
based software repo isn't particularly special. A one stop for managing code,
deploying software, working tickets, hosting docs, and more is special. Github
has great tooling around pushes/commits but not issues/docs. Markdown is great
if you're a browsing a repo, but isn't nice for non programmers. I would much
prefer something like readthedocs.org integrated in.

Also github could look into offering services for enterprise customers. Github
is fairly self service right now. They stand to make a fair amount of money
charging for setting up deployments to AWS or Travis for you. Enterprise
customers definitely overpay for simple stuff that could be done in an hour
with proper docs.

------
patmcguire
Sighhhh, all the real info is in a buried link. Great encapsulation of both
everything wrong with web journalism and web audiences, since the article is
paywalled and I'm too cheap to subscribe.

[https://www.theinformation.com/what-happened-at-
github?token...](https://www.theinformation.com/what-happened-at-
github?token=6052af97be40ce21584f311dbe192252692ba45a)

------
reuven
I'm sensing some very, very strong irony here.

When GitHub (which has always been cash-flow positive) took VC money, they
said that it wasn't because they needed the money. Rather, they said that the
money would be used to fund new projects and directions, and because it
brought the VCs in as strategic partners.

Maybe the money did change things -- but the new directions weren't positive,
and the strategy suggested by their partners wasn't as beneficial as they
thought?

------
mrmondo
We moved from GitHub to Gitlab (mostly self hosted), honestly - Gitlab is just
so much better in almost every way. We find the UI (recently) so much more
intuitive, Gitlab CI is fantastic when combined with Docker, they're far more
transparent and pro open source, their dev and management team will do almost
anything to listen and help you, the configuration and customisation of the
self hosted omnibus install is almost fantastic, they've been squashing bugs
and releasing features rapidly while also decreasing the number of regressions
introduced and improving their test suit across the board.

------
benlower
Should we be worried about this? Sounds like there's some growing pains at
Github but is this really trending toward some kind of meltdown?

~~~
swalsh
I mean there's still a bunch of people paying for the service. Worst case
scenario is a stagnation, which gives enough time for things to migrate
somewhere else.... but really it probably isn't even close to getting there.
It sounds more like the culture there is changing, and what you can expect is
a platform that is better for an all integrated enterprise and less of a
platform that is great for open source and community.

------
Aloha
Why would someone (specifically a large enterprise) outsource source control?

Running a local svn or git server is fairly trivial.

~~~
sytse
At GitLab we learned that indeed large enterprises don't outsource it, they
run something (GitHub Enterprise, GitLab CE/EE, etc.) on-premises.

~~~
Aloha
Huh.

Okay, I guess that makes as much sense as anything really. I can see the
advantage in something turnkey.

~~~
sytse
Large organizations do it for different reasons. To use their own directory
service (LDAP/AD), to more easily integrate it with their other tooling, to be
in control of where their data is, to have more control over availability, to
be able to add layers of security (VPN, etc.).

------
chetanahuja
Gitlab as mentioned in the original article is actually a fairly decent
alternative for github. The biggest advantage as I see it is that you can
self-host the open source version so you don't have to host the crown jewels
of your company (the source code) under care of github's servers.

------
erinjerri16
Hm, who actually uses GitLab or Atlassian? Who else is getting lots of users
en masse at this level that they become dependent on the software, if GH goes
down, there goes a ton of open source and indie devs who depend on it. Re:
enterprise sales, well that's startup life for you.

Re: hiring & sales - on a semi tangential noet

Honestly, when I visited GH last year and met the very (few) women that worked
there (they were all in marketing), (it was the UE4 workshop with like 3 women
in attendance, great workshop, but I noticed more and more of the staff at
happy hour (their bar) was filled with lots of marketing/sales people --
something I hadn't really experienced other times I visited, usually its more
devs than those folks (marketing/sales).

~~~
baudehlo
Bitbucket is generally used for two reasons:

1: better Jira integration 2: no limit on number of projects

The second reason makes it very popular among small design/dev shops.

~~~
emmelaich
Also private repos for free. That's a big attraction even for individuals and
small groups.

------
inaudible
GitHub got off the ground on-selling an emerging open-source product as a
service with some innovations around data visualizations / analytics and
community structure, customized for the web. Their growth really comes down to
the right set of features at the right time, a low friction setup, good price
point and good flow of communication with their user base.

The perceived stagnation is likely a side-effect of scaling the operation to
fit with increased demand and the growth and expectations of their private &
enterprise (paying) customers, who have become notably more high profile as
the years roll on. With it comes the difficulty and expense of providing a
dependent, secure infrastructure and a more refined and audited code base to
fit the needs.

It's a diverse community here and while some groups consistently demand
feature freeze (hating on 'bloat', 'features coming from marketing', focus on
'core product'), others are only convinced that a products relevancy is based
only on cutting edge features ('we need feature a, because b', 'product c is
irrelevant because product d offers a'). To offer refinement that appeals to
both camps is a delicate tightrope.

Meanwhile you have market speculation that would use in part a forum like this
as a sounding board for some kind of consumer sentiment index.

The complaints with GitHub seem fairly incidental, people airing their
grievances on the incumbent because the cost of moving is considered either a
hassle or a big-deal. But moving is an option, and the perceived stagnation is
building a better competition (that they fulfill the promise without other
expenses is always the gamble). GitHub isn't without problems, and it does
seem like some obvious community complaints that have stagnated, but once
released it'll probably just be a case of 'finally, thanks, no love lost'.

In the end, Git by nature is decentralized, easily self hosted, and both
GitLab and Phabricator provide interesting open-source environments. It's not
exactly a one way street.

But maybe it was always going to be a tough market to corner? My prediction..
more posts on HN describing migration to a different system and how it solved
everything.. and then the followup 12-24 months later. Oh well.

------
imron
> They are not the real golden goose for the company. The big money comes from
> enterprise contracts.

I wonder how much of a halo effect the enterprise contracts get from the open
source community. People flock to github for their personal projects, and then
recommend it at work when the need comes up because that is what people are
familiar with.

I suspect the community is more of a golden goose than some people think. Kill
the community and you'll kill the site. It's not like it's difficult to clone
and upload a repository to some other site.

------
siegecraft
Github feels like a services company, not software. Maybe they always have
been. But that means they may lack the talent to deliver enterprise-level
features. Their API and extremely coarse permission don't even let you build
your own. If that's your problem then it makes sense to bring in a new VP of
Engineering. But the new CEO certainly hasn't done anything to inspire
confidence since he took over.

------
bramgg
>if GitHub goes down, the software development world practically stops

Oh my goodness. Is this article just plain wrong, or does a large enough
subset of Silicon Valley & friends actually do this that they mistook that
behavior as including the other 99% of the software development world?

~~~
sarciszewski
I use Github for a lot of things. When it goes down, I just delay pushing a
commit for a little while.

------
emmelaich
"The company has reportedly always been cash-flow positive ..."

That's a nice crisis to have.

------
trhway
back at the times Sun made a separate Sun Federal to firewall those activities
from the rest of the company. I think GitHub can do the similar trick, ie.
create GitHub Enterprise.

------
Grue3
Good, it outgrew its usefulness (making Git popular). Now that there are
better priced / open-source alternatives GitHub is on a course to irrelevancy.

------
untilHellbanned
Repeat after me coders: Sales is not evil.

~~~
larzang
Of course, my job wouldn't exist without the sales people bringing work into
the company.

That doesn't mean I'm not glad they all sit clear on the other side of the
office in a quarantined section where they can extrovert at each other all day
and leave the rest of us to code in peace.

~~~
randycupertino
> where they can extrovert at each other all day

This is hilarious and I am going to have to steal it! XD

------
wsha
"This person who used to be your peer is now your manager."

Welcome to reality, GitHubbers. Not sure how else you expect a 500+ person
company to run itself.

------
beaner
Is anyone else bored by hoodie culture? I used to work at a startup like that
when I was young, and I enjoyed it then, but there can be so much more to
companies.

Where I work now, engineering is roughly a quarter of the company. The rest is
made up of legal, compliance, business development, people ops and some other
miscellaneous.

You know what? It's great. There are more extroverts in the office, people who
go out to parties and invite me to things. Our happy hours are more lively. We
play more beer pong instead of Halo. There are more women in the office. There
is more laughter.

Bring in the enterprise. The company will make more money and grow and
succeed, and the people will have a wider, more enjoyable variety of
experiences.

And if people really don't like the mingling, they can choose to sit at the
far side of the office in the dark by themselves, being passively sarcastic at
others in IRC. They'll eventually leave and be replaced by happier people.

~~~
spike021
Not sure what you're trying to say here?

I work at a company where the dress can be anywhere from hoodies to jeans and
collared shirts.

We have sales people who are really awesome and extroverted, yet they come in
wearing hoodies, or hawaiian shirts on hawaiian shirt day, but also know how
to dress more formally when necessary.

~~~
beaner
I use "hoodie culture" to mean generally introverted male programmers. That
there are obviously exceptions is a little missing the point I think.

------
sarciszewski
The only reason I still use Github is because of the network effect. If they
fall apart, I'll migrate to a self-hosted Gitlab instance and that will be the
end of that.

I'm just hoping that, should GH fail, it hold off on failing until I learn
Ruby sufficiently well to review the entire GL code base so I can deploy it
_with confidence_.

EDIT: Yes, "with confidence" is a very important qualifier that is drastically
important to the meaning of that sentence. It's not a prerequisite for
deploying _at all_ , but without reviewing the entire codebase I cannot feel
_confident_ about its security.

~~~
cooper12
That's a funny double standard you have right there with how you don't feel
the need to audit GitHub before using it.

~~~
sarciszewski
> That's a funny double standard you have right there with how you don't feel
> the need to audit GitHub before using it.

Where did I ever say I use Github _with confidence_?

I've answered this several times below: I use software all the time that I do
not feel confident about.

My statement was about hopefully being able to use GitLab with confidence,
which is a goal that is only attainable because I can deploy it on my own
hardware. It's made easier by the fact that GitLab is open source.

If GitHub melted tonight, I'd jump on GitLab tomorrow, but I wouldn't feel
confident about the security of my infrastructure.

That doesn't mean I feel confident about GitHub. AT ALL.

I'm not attacking GitLab.

I'm not inflating GitHub's security or importance.

All I'm saying is that I'll hopefully have the opportunity to review it before
a nuclear GitHub meltdown forces me to blindly deploy it and not feel
confident about it.

Can we all agree that that's an uncontroversial notion? Or is that too much to
ask?

~~~
cooper12
No, that's reasonable. Thank you for clarifying, especially the distinction
regarding GitLab being self-hostable and open-source. Apologies if my comment
came off as accusatory, I really did find it funny—as in peculiar—because I
have seen people have a bias towards the quality of open-source software even
though the closed-source alternative is opaque.

~~~
sarciszewski
> Apologies if my comment came off as accusatory, I really did find it funny

This thread has been a land mine of accusatory reactions, so I apologize for
painting yours in a similar brush.

> I have seen people have a bias towards the quality of open-source software
> even though the closed-source alternative is opaque

Reverse engineering isn't hard, it's just a speed-bump.

I work on a lot of open source projects. At the risk of sounding self-
promotional to on-lookers, I'd like to talk about one in particular:

[https://github.com/paragonie/random_compat](https://github.com/paragonie/random_compat)

[https://packagist.org/packages/paragonie/random_compat](https://packagist.org/packages/paragonie/random_compat)

Random_compat has been downloaded almost 2 million times (according to
Packagist), incorporated into WordPress, Laravel, Symfony, etc. It's by far
the most collaborative project that Paragon Initiative Enterprises has
produced for the open source community.

Yet, until the most recent release, the documentation referred to a
MCRYPT_CREATE_IV constant that does not exist. The correct constant is
MCRYPT_DEV_URANDOM. Somehow, we all missed it.

"Open source is automatically more secure" is a fallacy. I just happen to like
open source better, personally.

Aside: despite being downloaded ~1.9 million times, a grand total 30 people
outside of Paragon have contributed to its development in some way so far. The
"many eyes" are actually quite sparse, especially when it comes to security
expertise. (I think it's reasonable to say those 30 represent much of the the
upper 0.01% of security talent in the PHP community.)

~~~
cooper12
You make good points; we shouldn't automatically assume open source is more
secure. It's definitely a more nuanced topic than whether or not the source
code of something is available. Thanks for the reply.

------
ikeboy
>Enterprises often want assurances of uptime that carry legal or financial
penalties, they need certain features for security and for accountability, and
they often want the ability their suppliers to have met certain audits and
standards for security, operations and so on.

That's not how you English.

~~~
dang
Please don't be rude.

