Ask HN: Should you trust GitHub with your company's code/data?

Given code scanning (Copilot, LLMs, etc.), should you trust GitHub with the code for your company?

Currently I am self-hosting (which is fairly cheap, ~$100/year if you include a domain name), but sometimes I wonder if I'm making things hard on myself for no reason ;p

  • If it was going to be open source anyway, sure. I will generally keep a local copy of the up-to-date repo and don't really worry about GitHub taking that away from me. Scanning and training is stuff they can do wherever I host it, so I'm not really spooked by that either.

  • What's the plausible worst case scenario here? GitHub accidentally trains on private repos (or Microsoft is, insanely, lying) and leaks some random tiny snippets of your code? That would be a personal violation but the actual damage seems negligible.

    I mean self-hosted GitLab is fine, I don't know that you're losing out on any major features. But I wouldn't worry about using GitHub unless security and control of your assets is a critical necessity, in which case you definitely shouldn't trust some VPS/cloud provider either.

  • Microsoft already sees all your emails, so what's the harm in adding the source code?