I just joined a new team (very small: four developers in total, with two of those leaving soon). The two original developers set up the git repo on a folder in a Windows network share.

Am I taking crazy pills, or is that a bad idea? Our organization does have github/gitlab/bitbucket available, so is there any good reason not to use those hosted solutions?

  • GrishAix@feddit.de
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Our organization does have github/gitlab/bitbucket available

    Do you mean “cloud services”? Maybe your colleagues don’t want them there.

    For PCI-DSS relevant code, we only use internal systems.

      • ricecake@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It’s actually fine, as long as you coordinate with them.
        They offer services that cater to just about any compliance need, including things as annoying as fedramp.

      • TheTrueLinuxDev@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I would have to agree on this, it seems rather odd if the code repo is confidential or classified to be shared on a Windows Share. The reason why we would use Git services (self-hosted) is so that we have multitude of security services/layers maintained by dedicated team of system administrators such as firewall, service update, data redundancy, backup, active directory and so forth.

        I can see a scenario where people accidentally put classified repos or information that aren’t supposed to be shared on Windows Share where unauthorized users could view that repos.

    • Zargontapel@latte.isnot.coffeeOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That may be the case, but the original engineers have made other highly questionable decisions: the backend service was written in Java 8…just last year!

      • aksdb@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That doesn’t sound questionable, but somewhere between stubborn and stupid. Unless that thing is supposed to be deployed to a heavily outdated system where nothing newer than Java8 will run, that is.