Version control! One of the most controversial subjects in the software industry. Whether you’re a Subversion fanatic, a hard-core Git user or a Mercurial elitist – everybody has something to say about version control. While in the past we put our trust in local CVS and SVN repositories, today most of us use cloud-based services such as GitHub, Bitbucket or GitLab.
After spending much time this week setting up our new GitLab repositories – mainly for finished projects that are no longer in active development and can be removed from our quota at GitHub – I came to realize that all these companies are somewhat in a position to be considered “anti-trusted”. Imagine a hypothetical situation where GitHub starts examining the code we submit to it, not only the public code, but also the private code. Imagine what kind of intellectual property assets they have access to.
In 2001, Tim Robbins portrayed a software giant CEO who is so driven by ambition and greed that he is actually willing to have developers killed for their code. Where in 2001 developers were very much working in closed quarters and sharing their work via privatized means, today almost all of us use the cloud in some form. Can these services be trusted? What happens if one of them gets bought out by a software giant?
Let us imagine the following scenario:
The GitGiantCloud (GGC) service has recently been acquired by MegaGreedySoftwareCorp (MGSC). MGSC announces that it will continue to run GGC as always; however, in the background they start analyzing the code within the privatized repositories – completely violating their EULA. Would anyone know about it? The answer is NO. Is it considered a breach? Well, they can always excuse it as: “we identified a potential breach, we had to take these measures to investigate it”. In other words, even if they are reading your code – you’ll never know if it’s true or not.