Ask HN: What should I be aware of when open sourcing code from my company?

8 points by bencoder ↗ HN
I'm trying to get permission to open source some components that are currently in private repositories for the company I work for.

Is there anything we should be aware of beyond simply choosing a licence and putting it up on our company's public github?

What has your experience been doing this?

4 comments

[ 3.9 ms ] story [ 15.9 ms ] thread
Hard-coded "test" credentials, IPs, API keys, basically anything that you assume no sane person has left in - yet there's always at least one instance of.

A lot of people have been accidentally hosed by having AWS keys buried five directories deep in a now-deprecated-and-forgotten "test_aws.rb" file, make sure that doesn't happen to you!

Or 5 layers deep in an old history. My recommendation is to create a new repo and pull things in.
Doesn't even matter if you remove it, it will still be in the history. You need to purge your history completely. Start a new repo.
Depending on how big the project is and what your goals are you also need to consider:

- IP release protocol for submitters

- Licenses of dependencies

- Copyright/patent issues

Usually your legal can provide guidance on these things.