将代码保存在 gitlab 中是否危险 github

Is it dangerous to keep code in gitlab and github

将代码保存在 gitlab 和 github 中是否危险?

我听说将我们的代码提交到 gitlab 和 github 是非常安全的。

原因是每个代码都经过哈希处理,每个人几乎不可能在不使用 git 工具的情况下更改代码。

这是真的吗?

正如我在“", it is "safe" in term of data integrity (Linus Torvalds, 2007”中提到的:

We check checksums that is considered cryptographically secure. Nobody has been able to break SHA-1, but the point is, SHA-1 as far as git is concerned, isn't even a security feature. It's purely a consistency check. The security parts are elsewhere.
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.

Having a good hash is good for being able to trust your data

这与以下无关:


OP 添加:

what I mean is the owner of gitlab or github may steal our code

这是一个信任问题:如果您的代码位于 private 存储库中,git 托管服务器是否可以访问您的代码?技术上是的。
他们会访问您的私人代码吗?正如“Can third party hosts be trusted for closed-source/private source code management?”中提到的,没有什么能阻止他们。
然而,many startups have their private code on, for instance, GitHub.

如果您真正担心保密问题,那么您保留所有代码库的所有权很重要,包括存储它的服务器(意味着拥有您自己的 Git 存储库托管服务器)。

重要的是要记住,即使 git 是最安全的版本控制工具,因为它会在您发出的每个命令中进行哈希检查,但重要的做法是不时备份存储库...

有时是因为硬件或软件故障,但有时是为了防止因人为错误而丢失数据。

个人克隆并不总是足够的。