Ok, thanks.  I didn't realize there was a difference!  I thought Git SCM ran 
GitHub.  I haven't yet read this clear distinction.  Of course I wasn't the one 
who chose GitHub in the first place.

-----Original Message-----
From: David Turner [mailto:dtur...@twopensource.com] 
Sent: Wednesday, June 24, 2015 4:00 PM
To: BGaudreault Brian
Cc: David Lang; Konstantin Khomoutov; git@vger.kernel.org
Subject: Re: Repository Code Security (Plan Text)

Git is not GitHub (any more than a cat is a cathouse).  Git is a piece of 
software; GitHub is a hosting service for Git.  Contact GitHub for GitHub 
support.


On Wed, 2015-06-24 at 19:53 +0000, BGaudreault Brian wrote:
> Hi David Lang,
> 
> I'm sorry, but I'm confused by your first two responses.  Am I not contacting 
> Git when I e-mail this e-mail address?  You sound like you don't know exactly 
> how GitHub works.  Should I be contacting someone else for GitHub support?
> 
> Thanks,
> Brian
> 
> -----Original Message-----
> From: David Lang [mailto:da...@lang.hm]
> Sent: Wednesday, June 24, 2015 3:20 PM
> To: BGaudreault Brian
> Cc: Konstantin Khomoutov; git@vger.kernel.org
> Subject: RE: Repository Code Security (Plan Text)
> 
> On Wed, 24 Jun 2015, BGaudreault Brian wrote:
> 
> > Thanks.  Yes, I meant that "local code" is code pulled down to a person's 
> > PC, so we don't want them to leave the company with access to this code.  
> > So we can only prevent this scenario by running GitLab in our environment 
> > instead of running GitHub in the cloud?  Would removing a GitHub account 
> > from the GitHub repository prevent them from accessing the code on their PC?
> >
> > How do you prevent private GitHub repositories from being pulled down to 
> > unauthorized PCs?
> 
> Policy: you say that it's against policy for someone to put company info on a 
> personal machine.
> 
> You probably run your own repository that's only available within your 
> network (or over your VPN) rather than using a cloud service like 
> GitHub (you may want to check with GitHub to see if they can lock down 
> a private repo to only be accessed from specific IP addresses).
> 
> You will also need to make sure that people don't plug personal laptops into 
> your corporate network, and that they don't use personal phones to access 
> company e-mail.
> 
> The bottom line is that it's no different from preventing them from having 
> access to any other sensitive data in your company. What measures do you have 
> in place to keep them from taking sensitive Word Docs or spreadsheets when 
> they leave? Do the same thing to deal with their access to code.
> 
> David Lang
> 
> > Thanks,
> > Brian
> >
> > -----Original Message-----
> >
> > On Wed, 24 Jun 2015 18:18:00 +0000
> > BGaudreault Brian <bgaudrea...@edrnet.com> wrote:
> >
> >> If someone downloads code to their notebook PC and leaves the 
> >> company, what protection do we have against them not being able to 
> >> access the local code copy anymore?
> >
> > What do you mean by "local code"?
> > That one which is on the notebook?
> > Then you can do literally nothing except for not allowing cloning your Git 
> > repositories onto random computers in the first place.
> >
> > If you instead mean the copy of code available in the repositories hosted 
> > in your enterprise then all you need to do is to somehow terminate the 
> > access of that employee who's left to those repositories.
> > (This assumes they're accessible from the outside; if they aren't, 
> > the problem simply does not exist.)
> > --
> > To unsubscribe from this list: send the line "unsubscribe git" in 
> > the body of a message to majord...@vger.kernel.org More majordomo 
> > info at http://vger.kernel.org/majordomo-info.html
> >

