Richard Bucker

Lots of DVCS angst

Posted at — Dec 31, 2014

Recent articles covering GHTorrent,github and AWS keys made me cringe. As much as I like bitbucket, github, launchpad and others I’m scared that a quick slip could give away the keys to the kingdom. Even if it’s an accident.I think whatever the circumstance your code have to be In-house and private. FossilFossil+docker. https://github.com/kassanmoor/fossildockerdockerfile https://www.sqlite.org/debug1/info/a7fc0c5f6e822bb3ad497b43231c6c0d0f70403fGitGogs  http://gogs.ioFossil is great because backups are as simple as copying a single SQLite file. It also includes a wiki, issues manager, CLI and web GUI. The binary is both client and server; and available for major operating systems. Gogs is git with a web wrapper. However Git has an advantage with many proper client apps. Tower, github, tortoisegit, sourceit, and many more. My first choice is fossil as it feels the most sensible. Linkhttps://jordan-wright.github.io/blog/2014/12/30/why-deleting-sensitive-information-from-github-doesnt-save-you/Unrelated to DVCS there is ngrok. It’s a nifty little project but there are so many risks.  (a) it is it’s own man in the middle (b) captures and can replay HTTP requests (c) since you might be using it as a phonehome mechanism it might let a little too much information through. And then there is it’s little cousin GoPee(India). And Hyperfox(Mexico).The answer might be ephemeral connections. Ephemeral connections make knowing the actual credentials almost meaningless.