Constantine A. Murenin
Bitbucket and all: do you trust them with your private bits?

I started using Bitbucket for my private repositories a very short while ago, since they now support git.

Unlike github.com and gitorious.org, Bitbucket provides unlimited private repository support for both git and hg, and they also have Australian roots, for a bit of redundancy in who to trust your repositories to. :-)

The best thing about git is that, due to the strong SHA-1 hashes and the distributed nature of each individual repository, you don’t have to worry about anyone else messing with your repository without you ever noticing during the course of normal operations, since that’s simply impossible, or at the very least very-very-very improbable for the near future. So, pretty much any git hosting will do for a public repo, and if they misbehave, it’ll be entirely obvious very quickly and you can drop them with little to no ill effects whatsoever. This is why Linus Torvalds said in his Google tech talk, let me paraphrase / rephrase / extrapolate, that he’d trust an anonymous hoster from Nigeria with a git repo, but wouldn’t ever trust Google Code with an svn one.
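The hash chaining behind that argument, as an added example that is not part of the original post: it names blobs, flat trees and commits the way git does and shows that a host rewriting one old commit changes the ID of every later commit, which any existing clone notices. The file contents, identity string and helper names are constructed for illustration; note that this protects integrity only, not the confidentiality discussed next.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 over '<kind> <length>' + NUL + body, which is how git names objects."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files: dict) -> str:
    """Flat tree: one '<mode> <name>' + NUL + raw 20-byte blob id per file, sorted."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\x00" + blob
    return git_object_id("tree", body)

def commit_id(tree: str, parent, message: str) -> str:
    """A commit names its tree and its parent commit, so IDs chain backwards."""
    ident = "Example Dev <dev@example.invalid> 1300000000 +0000"  # constructed
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {ident}", f"committer {ident}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def build_history(snapshots) -> list:
    """Commit IDs for a linear history of (files, message) snapshots."""
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

# Constructed sample history, as held in a local clone.
HISTORY = [
    ({"README": b"hello\n"}, "initial"),
    ({"README": b"hello\n", "build.sh": b"make all\n"}, "add build script"),
    ({"README": b"hello v2\n", "build.sh": b"make all\n"}, "update readme"),
]
# The same history as a misbehaving host might serve it: commit 2 was altered.
TAMPERED = [HISTORY[0], ({"README": b"hello\n", "build.sh": b"make evil\n"}, "add build script"), HISTORY[2]]

def first_divergence(local_ids, hosted_ids):
    """Index of the first commit whose ID differs, or None if histories match."""
    for i, (mine, theirs) in enumerate(zip(local_ids, hosted_ids)):
        if mine != theirs:
            return i
    return None

if __name__ == "__main__":
    print(first_divergence(build_history(HISTORY), build_history(TAMPERED)))
```

The third commit's files are untouched in the tampered copy, yet its ID still changes because it names the rewritten second commit as its parent.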

However, in the case of private repositories, you obviously do care about the private nature of your bits. Which poses a good question: can you actually trust any shared external source service to have even read access to your private repositories? How much care have they taken to safeguard your private repositories, and to make sure no unauthorised people ever get access to them?

One thing is for sure: I would never trust an outside party to have access to my /etc/master.passwd or /etc/shadow (somehow etckeeper on the 2011 Debian does keep track of your shadow file!). For other things, it’s still debatable who to trust, but I can only hope that Bitbucket has taken all the measures to ensure my private stuff stays private…

I don’t have stuff worth a million dollars in my private repositories (or, at least, I’m not yet aware of such specific and immediate potential), but I still may have stuff there that one might easily classify as trade secrets (and rightly so), hence an unintentional release would make me very uncomfortable, to say the least.