Ask YC: Hosting your source code outside, is it really secure?
7 points by pibefision on April 3, 2008 | 19 comments
I'm seeing a lot of people who host code outside. Maybe to get additional functionality or as a backup solution.

If you are a small startup, and your code is your life, because you worked so hard on it, is it really a good idea to host it outside? Using Lighthouse App, or any other service?




Given that:

1) Many programmers don't even bother to look at the source of open source libraries and projects they use instead of just cargo culting

2) Code changes really often because of the never ending list of bugs and new features

3) A lot of code (including some of my past work and probably some of yours) is garbage (at any given point)

4) Even if your code isn't garbage, the guy looking at it may think it's garbage

I wouldn't worry too much until your application gains in popularity


I would say in most cases it doesn't matter if it's secure because

A) The person breaking into the source code server isn't your competitor

B) Source code isn't the life of most web 2.0 startups. If I gave you the source code to Twitter it wouldn't get you very far.


B) What if we could get access to an early release of Basecamp?


I'd add that in the world of web2.0 the most important part of the code is de-facto disclosed. It's JavaScript, CSS and HTML.


I would first determine if your source code really warrants the effort needed to keep it secure from prying eyes. We've evaluated several factors including the source code, the service built leveraging that codebase, the people involved in the execution, and the business plan that mixes everything together. For us, in every scenario we could model, the value generated by the code was much higher if it were open-sourced.

For example, because the code is open to all, the developers are motivated to produce much better documentation and testing harnesses, usually before they actually do the code itself - internal costs go down. This pays for itself many times over in time saved during debugging and deployment.

Another example is that we've received a lot of critical peer review of our code which has helped us catch and fix flaws in our security and design - internal costs go down, public perception of security becomes positive.

In my experience and market research, it is nearly always the execution of the business that significantly outweighs any super-secret Python methods I may have thought were cool at 2am :)


Your users are your life. Your source code is an implementation detail. :-)

Most Web 2.0-ish startups aren't doing a lot of really tricky stuff behind the scenes (i.e. you can kind of guess what the implementation is like most of the time anyway) and most commercial competitors aren't going to be dumb enough to risk the legal implications of stealing your code. The chances of you losing your work because you didn't have an off-site backup are infinitely higher than you losing it because a competitor steals it and uses it against you.

That said, since I already had a VCS set up here, and have a little of The Paranoia too, we use a local server for version control and then do a GPG encrypted backup offsite.


Lighthouse is actually for issue tracking. The company that makes Lighthouse also makes Warehouse, a similarly elegant system that developers install on their own servers.


Thanks! I didn't notice that.


I'm curious about what you mean by security. Are you afraid that your host will steal/look at your data, or other external baddies?

If it's external baddies, then yes, I suppose that's something to be concerned about... If you're the only developer, or you only need an internal repository (i.e. on a LAN) then I'd just host it locally and back up regularly to a secure host.


What size team? If you are only one person then have a local svn repository and backup to S3.


This is something I have recently been very curious about. The services offered by Beanstalk and Github are very alluring.


Fine! I'm not the only one! :)


Are you worried that someone might copy your code or that your code might become inaccessible to you?


I'm worried about someone accessing my code.


Why not keep your source code local and upload only the object code to your host?


Wouldn't that defeat the point of using SCM?


Which is most important to you?


Well... if you are sharing the code with the world, does it matter? Unless you are worried it will get corrupted. Use git with your co-founders/employees if you are worried about it being stolen.


We use cvsdude.com.

Commenting from my Nokia N810 :-)



