It doesn’t though. I need a secure, maintainable, audited, backed-up solution wh... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jahewson on Feb 26, 2022 | parent | context | favorite | on: Gitlab Critical Security Release

It doesn’t though. I need a secure, maintainable, audited, backed-up solution which would pass a SOC2 audit.

hedora on Feb 27, 2022 [–]

Any soc2 auditor (or other security auditor) that will sign off on self-hosted gitlab, but not self-hosted git should have their accreditation pulled!

Git's attack surface and trusted computing base are a subset of gitlab's. Even if gitlab security were perfect, it would still be no better than git.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact