git.vger.kernel.org archive mirror
From: David Turner <dturner@twopensource.com>
To: BGaudreault Brian <BGaudreault@edrnet.com>
Cc: Konstantin Khomoutov <kostix+git@007spb.ru>,
	"git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Repository Code Security (Plan Text)
Date: Wed, 24 Jun 2015 15:21:12 -0400
Message-ID: <1435173672.6499.2.camel@twopensource.com>
In-Reply-To: <BLUPR0701MB196947C0396E91F8CCE39200D7AF0@BLUPR0701MB1969.namprd07.prod.outlook.com>

What most companies do is this: they issue their employees computers,
and then when the employee leaves, they take the computers away.  Of
course, someone could have copied the code before leaving the company.
The typical remedy for this is a contract saying "don't do that".  But I
guess some companies just go straight to the FBI; see e.g.:
https://en.wikipedia.org/wiki/Sergey_Aleynikov

There is no technological solution that will prevent someone from
accessing something that lives on their own computer (just ask the movie
and music industries, which tried to find one for about twenty years).  

On Wed, 2015-06-24 at 18:59 +0000, BGaudreault Brian wrote:
> Thanks.  Yes, I meant that "local code" is code pulled down to a person's PC, so we don't want them to leave the company with access to this code.  So we can only prevent this scenario by running GitLab in our environment instead of running GitHub in the cloud?  Would removing a GitHub account from the GitHub repository prevent them from accessing the code on their PC?
> 
> How do you prevent private GitHub repositories from being pulled down to unauthorized PCs?
> 
> Thanks,
> Brian
> 
> -----Original Message-----
> From: Konstantin Khomoutov [mailto:kostix+git@007spb.ru] 
> Sent: Wednesday, June 24, 2015 2:31 PM
> To: BGaudreault Brian
> Cc: git@vger.kernel.org
> Subject: Re: Repository Code Security (Plan Text)
> 
> On Wed, 24 Jun 2015 18:18:00 +0000
> BGaudreault Brian <BGaudreault@edrnet.com> wrote:
> 
> > If someone downloads code to their notebook PC and leaves the company, 
> > what protection do we have against them not being able to access the 
> > local code copy anymore?
> 
> What do you mean by "local code"?
> That one which is on the notebook?
> Then you can do literally nothing except for not allowing cloning your Git repositories onto random computers in the first place.
> 
> If you instead mean the copy of code available in the repositories hosted in your enterprise then all you need to do is to somehow terminate the access of that employee who's left to those repositories.
> (This assumes they're accessible from the outside; if they aren't, the problem simply does not exist.)
