Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For example using private bare Git repositories hosted internally at the company with mandatory OpenSSH U2F authentication (requiring a physical key like a Yubikey) would go a long way and requires two minutes to setup. Or a VPN. Pick your poison.

But then you lose convenience.

Slacked picked convenience and it led to the headline: "Slack's private GitHub code repositories stolen over holidays" and the top voted HN comment so far is: "Slack is selectively and deliberately limiting public access (discoverability) to the security breach announcements.".

The question is: was convenience worth it?

There are other tools. There are other ways to host. There are other ways to do CI/CD.

But it's less convenient.

It's a tradeoff.



If CEOs pressure me to neglect security, I always tell them "Do you want to be on the top of the German news magazine Der Spiegel with a bad headline?".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: