At what point do developers get criticized/held responsible for using public repositories for private websites? I get it, people like github but when you can get a private repo on bitbucket for free there's no excuse for this.
> people like github but when you can get a private repo on bitbucket for free there's no excuse for this.
Absolutely, Github public repos have always been a blackhat gold mine. But I guess a lot of people have never heard of Bitbucket, since Github is advertised everywhere , on education blogs, books , ... I'm sure some noobs using it don't even realize repositories are public and searchable.
This isn't a problem with public/private repositories. It's possible to commit the config files for Wordpress without exposing your passwords - you just have to not be lazy about it, and store the actual values in the environment or pull them from a file you don't commit with everything else.
Github does have a wider set of services that integrate with it. That said, if you have to go Github, private repos aren't that expensive. (And more services seem to be recognizing that Bitbucket is an increasingly popular options)
I love GH, but I only use it for my public projects. Limiting private repos ($200 for 125?) seems insane to me, and it will drive people to make public items that shouldn't be.
For any private projects, or ones involving clients, I use BitBucket and make all repos private. It's a difference of $190 for me (I use the $10/mth plan with BB and host well over 125 private repos).
> I love GH, but I only use it for my public projects. Limiting private repos ($200 for 125?) seems insane to me, and it will drive people to make public items that shouldn't be.
But that's not really github's fault for people having public repos. For $20/month I can setup a VPS with my own source code hosting service (full management like gitlab) and host all the repos I want. I get people love the features of github - but they never really use them.
I would say people use public repos on github because they are lazy. And when people get nailed for uploading their Amazon AWS keys - they should really think about an alternative solution for their git repo needs.
