This was a question I had been asked during an interview with a startup company.

"How would you protect your core source code in this situation?
You want to outsource a certain function of your program. You also want to add that developer to your VCS repository, but you do not want that person to be able to read your most important code."

When I heard this, I was like, "What?" Obviously, I totally flunked that question. Then again, there are many freelancers out there. There must be a security measure for this kind of stuff. But seriously, how do you do that?

  1. How do you invite someone to your repository and block them from reading certain parts? - or -
  2. How do you ask someone to build a part of your program whilst not sharing your source code?
user8397275
  • Were they talking specifically about *Git*, or about version control systems in general? – torek Mar 23 '18 at 14:26
  • @torek In general. So I guess they include CVS, Mercurial, etc. – user8397275 Mar 24 '18 at 13:10
  • So, Git and Mercurial, being distributed VCSes, make it difficult to do this (not necessarily impossible, but certainly harder). Centralized VCSes have a specific location at which one can set specific access controls. You might also take a look at what there is of my draft [book](http://web.torek.net/torek/tmp/book.pdf); I touch on this very lightly in chapter 1. – torek Mar 24 '18 at 18:12

2 Answers

Git itself lacks access control. But a hosting service like GitLab or Gerrit does not. Taking Gerrit for example, you can give a user access to a specific branch, read only or read & write, direct push or mandatory review.

If your project is only one repo and you want to share part of it with a user, you could split your repo into two, one private and the other public. As for the build, you could set up a build environment that the user can't access, while the user's code can be fetched and integrated and the user can receive the build result.

ElpieKay
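The repository split that this answer describes, as an added example that is not part of the answer or of any project's own tooling: a private repo holds the core code and references the public module repo as a git submodule, so a contractor cloning the public repo never receives the core files, while the private build clones both. The repo names, file contents and the `demo@example.invalid` identity are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: one private repo (core) + one public repo (outsourced module).
# Requires git on PATH; everything is created under a scratch directory.
set -e

# Identity and config passed per command so the demo does not depend on ~/.gitconfig.
# protocol.file.allow=always is needed for submodules that point at local paths (git >= 2.38.1).
GIT="git -c user.name=demo -c user.email=demo@example.invalid -c protocol.file.allow=always -c init.defaultBranch=main"

setup_split_repos() {
  # $1: scratch directory (constructed for this example)
  root="$1"
  # Public repo: the module the contractor is allowed to see and work on.
  mkdir -p "$root/module-public"
  (cd "$root/module-public" && $GIT init -q \
    && echo 'int add(int a, int b) { return a + b; }' > module.c \
    && $GIT add module.c && $GIT commit -q -m "module skeleton")
  # Private repo: core code plus a submodule reference to the public repo.
  mkdir -p "$root/core-private"
  (cd "$root/core-private" && $GIT init -q \
    && echo '/* placeholder for the core code you do not want to share */' > core.c \
    && $GIT add core.c && $GIT commit -q -m "core" \
    && $GIT submodule add -q "$root/module-public" module \
    && $GIT commit -q -m "reference module as submodule")
}

contractor_sees_core() {
  # Clone exactly what the contractor receives and report whether core.c is present.
  # Prints "no" when the private file is absent from the contractor's clone.
  root="$1"
  rm -rf "$root/contractor-clone"
  $GIT clone -q "$root/module-public" "$root/contractor-clone"
  if [ -e "$root/contractor-clone/core.c" ]; then echo yes; else echo no; fi
}

build_integrates_module() {
  # Private build environment: clone the core repo with its submodule so both
  # parts are present for the build. Prints "yes" when core.c and module.c exist.
  root="$1"
  rm -rf "$root/build"
  $GIT clone -q --recurse-submodules "$root/core-private" "$root/build"
  if [ -e "$root/build/core.c" ] && [ -e "$root/build/module/module.c" ]; then echo yes; else echo no; fi
}
```

Hosting-side access control (who may read or push to `module-public` versus `core-private`) is still enforced by the hosting service, as the answer notes; the split only ensures the core files are never in the repo the contractor is given.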

You can prevent people from pushing to branches (see: A way to restrict Git branch access?), but you cannot really prevent people from checking out certain branches if you give them access to the repository. Git does not have that granularity. Even if it had it, I struggle to see how that could work. What if one branch is a descendant of another?

Not even getting into how you can expect people to collaborate effectively if you have policies like that...

Mario F
  • Thanks for the answer. I was actually surprised that they'd want to cloak so hard. But then again, it could be just a question. (Not seeing the purpose of it, though.) For the collaboration part, my best guess was to follow a modular design, asking others to make subparts of the program, a.k.a. modules, then combining them. – user8397275 Mar 24 '18 at 13:17