将代码保存在gitlab和github中有危险吗?
我听说将我们的代码提交到 gitlab 和 github 是非常安全的。
原因是每个代码都经过哈希处理,每个人几乎不可能在不使用 git 工具的情况下更改代码。
这是真的吗?
最佳答案
正如我在“Why does Git use a cryptographic hash function?”中提到的,它在数据完整性方面是“安全的”(Linus Torvalds, 2007):
We check checksums that is considered cryptographically secure. Nobody has been able to break SHA-1, but the point is, SHA-1 as far as git is concerned, isn't even a security feature. It's purely a consistency check. The security parts are elsewhere.
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.Having a good hash is good for being able to trust your data
这与以下无关:
- 隐私(不依赖于 Git 本身,而是依赖于 Git 托管服务器,如 gitHub 或 BitBucket)
- 用户身份(要真正确定提交用户,如 Thilo comments,您可以签署提交(参见“A Git Horror Story: Repository Integrity With Signed Commits”)
OP 添加:
what I mean is the owner of gitlab or github may steal our code
这是一个信任问题:如果代码位于私有(private) 存储库中,git 托管服务器是否可以访问您的代码?技术上是的。
他们会访问您的私有(private)代码吗?如“Can third party hosts be trusted for closed-source/private source code management?”中所述,没有什么能阻止他们。
然而,many startups have their private code on, for instance, GitHub .
如果您真的担心保密问题,那么您保留所有代码库的所有权很重要,包括存储它的服务器(意味着拥有您自己的 Git 存储库托管服务器)。
关于git - 将代码保存在gitlab和github中有危险吗,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30296072/