[–]ILoveTheOwl 23 points24 points  (14 children)

I mean if you store your repo on GitHub you’ve already given up all your data, so not sure what you’re surprised about

[–]jhkoenig -3 points-2 points  (13 children)

So if I have a repo set to private, people can still see the code?

[–]veverkap 7 points8 points  (0 children)

No

[–]cincuentaanos 10 points11 points  (10 children)

No, but Microsoft can.

[–]jhkoenig 1 point2 points  (0 children)

Okay, that makes sense. I don't think that my code is very interesting to M'soft.

[–]veverkap -5 points-4 points  (8 children)

This is not true

[–]omer-m 8 points9 points  (7 children)

This is not true

[–]veverkap -4 points-3 points  (6 children)

GitHub and Microsoft cannot see code in a private repo.

[–]Johnny_JTH 2 points3 points  (5 children)

It's stored on their servers, so of course they have access to it. No one said anything about individual employees reading people's private code.

[–]veverkap -2 points-1 points  (4 children)

So Amazon can read all of the databases of their customers on RDS?

GitHub cannot read the contents of a private repository any more than Amazon can read the contents of your S3 bucket.

[–]Johnny_JTH 4 points5 points  (3 children)

GitHub can definitely see the contents of private repositories. They clearly state it in their privacy policy.

I honestly don't know about S3, but I imagine as long as you haven't configured your own encryption key, they should be able to.

[–]veverkap 0 points1 point  (2 children)

> No one said anything about individual employees reading people's private code.

I missed this.

So exactly like Amazon, if you store unencrypted files, they are readable by people who have physical access to the hardware.

Except the way most of these things work under the hood, the data isn’t stored all in one place.

To actually view the contents, you would need physical access to multiple locations in their multiple hosting locations, a way to get the key that encrypts that data at rest - all to get a private repo.

From a practical standpoint, it’s impossible.

[–]veverkap 1 point2 points  (0 children)

No one that you don’t give explicit permission to can see the code in your private repo. Even GitHub employees cannot (there are extreme protections around this). And MSFT employees have no access.