Hacker Newsnew | comments | show | ask | jobs | submit login

It sucks my client will be able to say he was right about now allowing source code to be hosted on github.

(We ended up setting up a gitlab box and it works just as well)




What exactly is he right about? China hasn't done anything that you can't do on a local WiFi connection. They grab the connection and put a self-signed cert to it. Security is still intact. The only way this hurts anyone is if they blindly trust all certificates, in which case they're screwed anyways.

-----


I'm not saying he's right about anything -- he'd remind me of his preference to host inhouse.

Personally, I use a mix

-----


I find this a sad commentary about your (and certainly others) relationship with your clients.

-----


There is nothing wrong in insisting the repository to be hosted on the client metal. The way things were done in the ancient times before the cloud to become the favorite buzzword of the month.

-----


I agree. The cloud isn't new. VPN's have existed for ever as well as client-mainframe.

The perception that the cloud is somehow re-invented is in fact the saddening thing. It's just more accessible and faster than in the fast, but ultimately you can't manage infrastructure by abdication and farming it out.

There's always an uneasy balance between security and convenience.

-----


This is utter rubbish, hosting your own git server(s) is easily justifiable.

The client declining to hosting code on github should be enough justification.

-----


My client would never allow their source code to be hosted in the cloud either. There's really no point fighting them on this, since they employ security and legal teams for just this purpose. The external marketing partner is not going to trump that. Ever. And there's nothing wrong with this.

-----


I'm not sure what's sad.

There's always a precarious balance between security and convenience.

The customers own their code. They have been around longer for more oscillations between the "cloud" and bare metal than most people who have an opinion on it.

They're forward thinking enough to not embrace the cloud, or bare metal, and instead are exploring hybrid cloud technology that can run on a combination, and more importantly, move dev ops between different environments.

One reality is many people who blindly think it's ok to put everything on in the cloud, don't always know of the reality of liability, or have a relationship with any codebase and the associated IP for more than a few years.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: