Hacker News new | comments | ask | show | jobs | submit login
Show HN: Codekeeper – Source Code Escrow for Developers (codekeeper.co)
37 points by ddewit on Oct 18, 2017 | hide | past | web | favorite | 15 comments

Source code escrow is a great service, and one that ALL developers who do client contract work should look into. I've been creating bespoke software for business clients for nearly 30 years now as a one man business, and I have a clause in all my development contracts that stipulates should I pass on or my business ceases to exist, that full source code is released to my clients so they can engage another programmer to maintain those projects.

However, I do think the current pricing is quite high when given the expected timeframes that this sort of service can have. For example, I have one client where I have had their software in escrow with a local lawyer now for over 20 years! I believe my lawyer only charged me < $500 for the drafting of the contract way back then, and I've never seen a bill from him in 2 decades now for the CD of code that he has in his safe somewhere.

Mind you, that CD would be totally out of date now, with the incremental changes that I have made to the system over the years, and I have no real guarantee that the CD is in fact still in a safe somewhere as I have not spoken to my lawyer about this in some years.

That's why I think that this Codekeeper service is a good thing, as it always ensures your latest code is available. But the drawback are:

1. Is this service still going to be around in 10+ years? 2. The cost per month is still quite high. Given my project I mentioned above, it would have cost me $11760 to date to have my source code in escrow. If I am going to be around for another 10 years, then that is going to cost me another ~$6000.

I could conceivably pass those costs on to my customers, but then that is another thing I have to track and ensure they are billed etc.

One of the issues is that responsibility for maintaining the integrity of the code is 100% on the seller's side. Like you said, if you used this service, it would become extremely expensive over the long term. Since the purpose is to give clients value in the case that you're unable to continue providing service, why not give them an encrypted version of the code and make the key the failsafe? There still has to be trust, but then the client gets to choose the cost of maintaining that code snapshot.

You are right it's exactly the combination of ongoing snapshots and the need to only provide access when there's a verified release event. We try to provide that balance.

We also do verification, but that's mainly when there is 'less than optimal' trust between the developer and the licensee.

That CD is probably unreadable by now, unless you used a disc made specifically for storage and it has been stored in a climate controlled storage space. They lose out quite quickly.

+1. The OP should use a different storage media if the goal is to keep the data available after years. I speak for personal experience having lost dozens of CDs and DVDs, and I mean branded discs properly burned and verified. Burned Optical media becomes unreadable after a few years, sometimes showing first signs of failure afer only 3 years or less. That convinced me years ago to abandon completely their use in favor of hard drives which I swap every N years to keep up with the advancement of interfaces.

Anyway, M-Discs are a recent development in the optical media field promising 1000 years of reliability, but of course nobody will be able to test that claim anytime soon. http://www.mdisc.com/

I should check it. I haven't spoken to that lawyer in nearly a decade now.

But I guess this is the crux of my issue with a service like Codekeeper. The timelines could be WELL over what we initially estimate.

For the particular programming project I mentioned above, I only expected the code to be in escrow for about 3 to 5 years max. Never in my wildest dreams would I have envisaged my client using my software for 20+ years to drive their business! Had I known that in advance, I would have put in place some other form of long term storage.

As it happens - all that code is now on my BitBucket account as well as other offsite backups, but I am thinking having a unique read key and having that stored with my lawyer may be a better bet. If CodeKeeper was in the $100/year range, then I could conceivably charge my customers a fixed 'holding fee' to store it with them. But the Catch22 is that they probably need more revenue in order to stay in business longer, and I need a business that will stick around for the long term so that I can entrust my code to them. Ironic.

You describe exactly one of the scenarios why Codekeeper was made; the situation where a CD in a vault is enough, doesn't work anymore for many web apps under continuous development.

Source code escrow has to be an ongoing process too, which is also why it's differently priced than it was before.

Maybe I’m just a dummy but you should probably explain source code escrow as the first topic in your faq. I think I know what it entails but Im making a lot of assumptions...

Good point! We'll add that to the site. Thank you!

We created Codekeeper so you can now easily comply with escrow requirements from your enterprise and government clients, and more importantly, to help you close deals with those clients quicker.

Being developers ourselves it’s designed to keep your life easy and works in pair with Github, Bitbucket and the other SCM platforms.

We’d love to hear your thoughts and suggestions to make it fit even better inside your development or software business.


How are you guys planning on marketing this, if you don’t mind me asking?

Are you using smart contracts to power this?

Congratulations on shipping this! It looks like a very compelling offering!


Yes smart contracts are on our roadmap.

Marketing wise, we have several distribution channels that help us out at the moment. If you have ideas we'd be happy to hear them.

Too expensive.

Make a source code release and encrypt it. Put it somewhere accessible to the customer, e.g. an S3 bucket owned by them. Arrange for the key to be given to the customer under the terms of the escrow agreement, e.g. send a letter to your lawyer with the terms of release and the key.

I can see value in having someone handle this for me, with a nice UI. It's fundamentally a clerical job, though, with some legal process / responsibility. So $50/month is already a fair amount, to say nothing of $1000.

The ongoing deposits are the main issue which we automate for the client. Imagine doing what you describe for 50 repo's.

That would make you unhappy quickly. Also the lawyer would not do this for free.

I guess it's a matter of finding the right balance between cost and convenience.

The killer feature you should add is support for hosting an API, for trial usage. The escrow service would affirm that the trial API endpoint was produced by hosting a container on a given instance size.

The client then knows that the solution works and is runnable. The integration onus is then on the client, because the software has passed inspection before delivery.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact