Ask HN: Should you trust GitHub with your company's code/data?

1 points by llmblockchain ↗ HN
Given code scanning (copilot, llms, etc) should you trust Github with the code for your company?

Currently I am self hosting (which is fairly cheap, ~$100/year if you include a domain name) but sometime I wonder if I make things hard on myself for no reason ;p

6 comments

[ 3.1 ms ] story [ 28.3 ms ] thread
If it was going to be Open Source anyways, sure. I will generally keep a local copy of the up-to-date repo and don't really worry about Github taking that away from me. Scanning and training is stuff they can do when I host it anywhere, so I'm not really spooked by that either.
microsoft already sees all ur emails, so whats the harm in adding the source code?
(comment deleted)
Ask the New York Times about their recent source code leak.
> microsoft already sees all ur emails

Can you elaborate what you mean by this?

What's the plausible worst case scenario here? GitHub accidentally trains on private repos (or Microsoft is, insanely, lying) and leaks some random tiny snippets of your code? That would be a personal violation but the actual damage seems negligible.

I mean self-hosted GitLab is fine, I don't know that you're losing out on any major features. But I wouldn't worry about using GitHub unless security and control of your assets is a critical necessity, in which case you definitely shouldn't trust some VPS/cloud provider either.