I have read this thread but I'm wondering how secure such a solution would be? I know that github offers ssh/ssl support and am familiar but could someone give me a breakdown of what sort of internal security they would use to make sure my committed conf/credential files don't get hacked?
EDIT: I've read http://help.github.com/security/ but I would like an answer from someone who has worked with multiple repository hosts and has real-world experience with this.
We tried out github recently.
Compared with our previous git hosting (which was on our own linux virtual server), I'm not overly impressed with the security. We did decide to use it, but only for projects where keeping the code private wasn't a huge concern.
Namely:
- There's no company control at all over the user accounts. We control which users have access to our repository, but there's no password policies, the users pick their own email addresses, etc.
- There's no way to limit access by IP address
- Passwords can only be reset by the user
- Compromising the users email account (which we're unable to see what account they've set it to) also results in a compromise of their github account, as they use an email challenge to reset forgotten passwords.
- There's no access logs (there is an audit trail for most or possibly all changes, but no logging at all for access)
- Access to the web front end is only password protected, so is vulnerable to password reuse from other sites and to some extent to brute forcing (github's statement about what they do for failed logins is pretty unclear).
One or two of these we could live, but in combination they basically make github completely unsuitable.
They have added 2 factor authentication recently, and there is an API so that organisations can at least check if users with access to their repositories have two factor authentication enabled. Whilst I don't feel this is really the best solution, it probably just about moves github into being secure enough that it can be considered for private repos.
As mt3 notes, you can run an enterprise install instead, which presumably significantly improves security - but the cost difference between that and a standard github company account is staggering, and it would probably mean you miss out on all the third party tools that integrate with github.
On a non-security note, they do at least now support annual billing properly, which helps reduce the paperwork overhead.
GitHub have recently announced new business plans with extra features - this could solve '1'/'4'/'5'. (Though the 'uptime guarantee' that's part of it is pretty laughable - not even "four 9s", and excludes scheduled maintenance and anything they deem 'outside their reasonable control' - and it's not an actual guarantee, it's just a small credit against your next bill which is capped to be no more than a third of your bill. Basically very carefully worded marketing weasel words instead of any kind of commitment from them.)
They've had major security incidents in the past:
http://www.h-online.com/security/news/item/GitHub-security-incident-highlights-Ruby-on-Rails-problem-1463207.html
Frankly, I wouldn't entrust code I want to keep private (or any other sensitive data) to the cloud unless it is encrypted and only I hold the key.
How long is a piece of string?
This is a pretty hard question to answer.
Looking at their security page they seem to have pretty much everything covered, assuming they actually do all that stuff.
You could argue that putting your code on github is more secure than having it stored on an in-house server, many companies would not have as good a setup or security policies as github describe. Does yours?
You can also run Github's Enterprise installation on your own servers. $5000/year for a 20 seat license.