将代码保存在 gitlab 中是否危险 github
Is it dangerous to keep code in gitlab and github
将代码保存在 gitlab 和 github 中是否危险?
我听说将我们的代码提交到 gitlab 和 github 是非常安全的。
原因是每个代码都经过哈希处理,每个人几乎不可能在不使用 git 工具的情况下更改代码。
这是真的吗?
正如我在“", it is "safe" in term of data integrity (Linus Torvalds, 2007”中提到的:
We check checksums that is considered cryptographically secure. Nobody has been able to break SHA-1, but the point is, SHA-1 as far as git is concerned, isn't even a security feature. It's purely a consistency check.
The security parts are elsewhere.
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.
Having a good hash is good for being able to trust your data
这与以下无关:
- 隐私(不依赖于 Git 本身,而是依赖于 Git 托管服务器,如 gitHub 或 BitBucket)
- 用户身份(真正确定提交用户,如 Thilo
, you can sign commits (see "A Git Horror Story: Repository Integrity With Signed Commits")
OP 添加:
what I mean is the owner of gitlab or github may steal our code
这是一个信任问题:如果您的代码位于 private 存储库中,git 托管服务器是否可以访问您的代码?技术上是的。
他们会访问您的私人代码吗?正如“Can third party hosts be trusted for closed-source/private source code management?”中提到的,没有什么能阻止他们。
然而,many startups have their private code on, for instance, GitHub.
如果您真正担心保密问题,那么您保留所有代码库的所有权很重要,包括存储它的服务器(意味着拥有您自己的 Git 存储库托管服务器)。
重要的是要记住,即使 git 是最安全的版本控制工具,因为它会在您发出的每个命令中进行哈希检查,但重要的做法是不时备份存储库...
有时是因为硬件或软件故障,但有时是为了防止因人为错误而丢失数据。
个人克隆并不总是足够的。
将代码保存在 gitlab 和 github 中是否危险?
我听说将我们的代码提交到 gitlab 和 github 是非常安全的。
原因是每个代码都经过哈希处理,每个人几乎不可能在不使用 git 工具的情况下更改代码。
这是真的吗?
正如我在“
We check checksums that is considered cryptographically secure. Nobody has been able to break SHA-1, but the point is, SHA-1 as far as git is concerned, isn't even a security feature. It's purely a consistency check. The security parts are elsewhere.
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.Having a good hash is good for being able to trust your data
这与以下无关:
- 隐私(不依赖于 Git 本身,而是依赖于 Git 托管服务器,如 gitHub 或 BitBucket)
- 用户身份(真正确定提交用户,如 Thilo
OP 添加:
what I mean is the owner of gitlab or github may steal our code
这是一个信任问题:如果您的代码位于 private 存储库中,git 托管服务器是否可以访问您的代码?技术上是的。
他们会访问您的私人代码吗?正如“Can third party hosts be trusted for closed-source/private source code management?”中提到的,没有什么能阻止他们。
然而,many startups have their private code on, for instance, GitHub.
如果您真正担心保密问题,那么您保留所有代码库的所有权很重要,包括存储它的服务器(意味着拥有您自己的 Git 存储库托管服务器)。
重要的是要记住,即使 git 是最安全的版本控制工具,因为它会在您发出的每个命令中进行哈希检查,但重要的做法是不时备份存储库...
有时是因为硬件或软件故障,但有时是为了防止因人为错误而丢失数据。
个人克隆并不总是足够的。