Ask YC: Hosting your source code outside, it's really secure?
I'm seeing a lot of people who host code outside. Maybe to get aditional functionalty or as a backup solution.
If you are a small startup, and your code is your life, because u worked so hard on it, its really a good idea host it outside? Using Lighthouse App, or any other service?
19 comments
[ 2.1 ms ] story [ 46.1 ms ] threadA) The person breaking into the source code server isn't your competitor
B) Source code isnt the life of most web 2.0 startups. If I gave you the source code to Twitter it wouldn't get you very far.
1) Many programmers don't even bother to look at the source of open source libraries and projects they use instead of just cargo culting
2) Code changes really often because of the never ending list of bugs and new features
3) A lot of code (including some of my past work and probably some of yours) is garbage (at any given point)
4) Even if your code isn't garbage, the guy looking at it may think it's garbage
I wouldn't worry too much until your application gains in popularity
For example, because the code is open to all, the developers are motivated to produce much better documentation and testing harnesses, usually before they actually do the code itself - internal costs go down. This pays for itself many times over in time saved during debugging and deployment.
Another example is that we've received a lot of critical peer review of our code which has helped us catch and fix flaws in our security and design - internal costs go down, public perception of security becomes positive.
In my experience and market research, it is nearly always the execution of the business that significantly outweighs any super-secret Python methods I may have thought were cool at 2am :)
commenting from my nokia n810 :-)
Most Web 2.0-ish startups aren't doing a lot of really tricky stuff behind the scenes (i.e. you can kind of guess what the implementation is like most of the time anyway) and most commercial competitors aren't going to be dumb enough to risk the legal implecations of stealing your code. The chances of you losing your work because you didn't have an off-site backup are infinitely higher than you losing it because a competitor steals it and uses it against you.
That said, since I already had a VCS set up here, and have a little of The Paranoia too, we use a local server for version control and then do a GPG encrypted backup offsite.
If it's external baddies, then yes, I suppose that's something to be concerned about... If you're the only developer, or you only need an internal repository (i.e. on a LAN) then I'd just host it locally and back up regularly to a secure host.