
It seems a certainty to me that GitHub will be breached one of these days, and all internal data (i.e., private repos) made public. On that day, so many companies will inadvertently become open source!

Do we have any info on what steps GitHub takes to prevent this? I ask as a paying customer (with both personal and corporate accounts).



> On that day, so many companies will inadvertently become open source!

Well, no. They would be inadvertently source-available. If the license doesn't comply with the Open Source Definition, it's not open source.

EDIT: Downvoted as usual for correcting false impressions about how free software and open source works.


This. If we accept "stolen and leaked information" as open source, we may as well start couching discussions about privacy leaks in the same way. "Ashley Madison customers' information open sourced"


"EDIT: Downvoted as usual for correcting false impressions about how free software and open source works."

Are you seriously suggesting that the OP you responded to was comparing "stolen" or "leaked" software to open source? That is probably why you're being downvoted, not because people around here have a false impression as to what constitutes open-source.


"Open source" has an established meaning. Even if the poster in question was using the term facetiously, I feel it must be corrected since there is legitimately a large body of misconception surrounding the mechanics of free software and open source, and such humor may fuel it further.

Moreover, it reflects a critical flaw in the open source dogma as compared to free software. Open source puts source code at the forefront, which is fallacious. The key elements are the ability to run unfettered, study, modify and redistribute identical or modified versions. The source code is a necessary precondition for properly exercising those freedoms, but not a central focus in any real sense. It is easy to misinterpret "open source" as being about publicly viewable source code, and many companies have exploited this to their advantage presently or in the past (GitHub with Atom, Epic Games with UE4, etc.)


> On that day, so many companies will inadvertently become open source!

The OP was explicitly calling such stolen or leaked software open source. Please read more closely.


I did not downvote you, but I think you're being downvoted for lacking a sense of humor, not for correcting "false" impressions.



If such a massive-scale breach were to happen, it would probably have to take weeks because GitHub probably has so much data. (I would guess on the order of hundreds of TB or a few PB).

It would be more likely to just have a handful of high-visibility repos.


You're probably right. It's unlikely that a hacker would care about my private repos.

That being said, I'm also curious about GitHub's efforts to prevent such a scenario.


Which makes me wonder: how would one prevent such a scenario, where you cannot simply encrypt with a shared key given GitHub's auth model?


I'd imagine that for legal/security reasons, you'd get about the same response as any other company:

"We use better than industry standard encryption on private repo data, encrypted with AES-1024 and encrypted in transit via TLS-3 etc etc..."

But, I don't know. What was that quote? "Don't put anything on the internet that you wouldn't want to see on your grandma's coffee table."


I don't think most people would mind having their source code on their Grandma's table. Free off site backups :)


Touche. You'll be the first invited to my new BGCTaaS business then—Backup to Grandma's Coffee Table as a Service.


You would probably get a better answer if you asked GitHub this question.


GitHub employees are here on HN, and just as likely to answer here vs a tweet or whatever.


Yes, but this isn't a support channel. Twitter and their support email(s) are a support channel. They may answer the question here, just like they may answer the question if you sent them a snail mail with it written in crayon. But they are not required to.


Support channel is where I go when I can't access my account, or want to submit a feature request. Anyway, it'd be awesome if someone posted a technical response here, but I don't expect them to.



