How do DVCS (Github, BitBucket, etc...) ensure private project code integrity?
How do DVCS (Github, BitBucket, etc...) ensure private project code integrity?
Sure, the companies claim no intellectual rights when you upload your code to their online repositories, but how is the privacy of the project ensured so that only the people with write/commit access to such repositories can actually view the data?
What happens if you decide to, let's say, move your project to a private server or another host? Will your project be "deleted" or only "removed" from the public index?
How can you be sure that the CEO of the company where you host your project will not be able to view your data?
Do these companies go through some sort of regular certification? Or this whole deal based on trust and understanding?
Unless those providers explicitly mention offering encrypted repos (which Assembla alludes to here, but it could only refers to https encryption), you don't have 100% guarantee.
The only way to add that level of security would be to pursue a User controlled end-to-end encryption, leveraging git's smudge/clean filter driver:
See "Transparent Git Encryption":
User controlled end-to-end encryption solves the problem:
Before data is pushed to the remote repository to store, it is encrypted with an encryption key which is known only to the data owner itself. Management of the encryption key(s) and the encryption/decryption processes is always tedious and easy to get wrong.
In the following, we shall demonstrate how to use Git with encryption in a way transparent to the end user.
- git@github.com: Permission denied (publickey)
- New lines inside paragraph in README.md
- GitHub ghost users as commits when using Source Control in Visual Studio 2022
- How to delete branches whose name matches a certain pattern
- Is there a way to embed github code into an iframe?
- Github Your access to this site has been restricted in Go Http client
- Multiple jobs and deployment protection
- How to add images to README.md on GitHub?
- How do I push to GitHub under a different username?
- How can I trigger a `workflow_dispatch` from the GitHub API?
- Is there a way to determine in a GitHub Actions workflow step if the current runner is self-hosted?
- Git remove file from all commits
- How can I delete a repository on github with an arrow?
- Documentation versioning for GitHub projects
- "Can't push refs to remote. Try running 'Pull' first to integrate your changes."
- Git Credential Manager Not Found on WSL2
- Invalid copilot token: missing token: 403
- github Dependabot alert: Inefficient Regular Expression Complexity in nth-check
- List file sizes in GitHub
- How to publish an organization repository in Github using VSCode
- Github actions share workspace/artifacts between jobs?
- Does Mutation Response Data Count As Query Points in GitHub GraphQL API?
- Difference between 'git request-pull' and 'pull request'
- git clone hangs on "Cloning into..." using GitBash
- Referencing a .css file in github repo as stylesheet in a .html file
- Conda install non-python library from github
- Git - case sensitivity issue
- How do I rebase my PR without adding commits to it?
- Delete a workflow from GitHub Actions
- Cannot trigger dispatches from GitHub API