Events and Promotion · Is Your Code Really Safe on GitHub?

allengu93 (codefever) · March 8, 2022 · last reply by wenwenjz.com on March 9, 2022 · 137 views

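In the wake of the Russia-Ukraine conflict, GitHub is currently considering the possibility of restricting Russian developers' access to open source code repositories. This is not an isolated case: back in 2019, after the United States published its list of trade-sanctioned countries, GitHub "blocked" users in the countries and regions on that list.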

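In July 2019, Microsoft-owned GitHub "restricted" the account of a developer living in the Crimea region of Ukraine. The developer used GitHub to host his website and game software.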

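GitHub told Anatoliy Kashkin, a 21-year-old Russian citizen living in Crimea, that it had "restricted" his account "due to US trade controls". Kashkin said GitHub pointed him to a page about US trade controls, which lists Crimea, Cuba, Iran, North Korea and Syria as countries or regions facing US sanctions.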

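After that, his website hosted on GitHub returned a 404 error, and he could no longer create new private GitHub repositories or access them.

On March 3, 2022, GitHub CEO Thomas Dohmke published "Our response to the war in Ukraine". The original text is reproduced at the end of this post.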

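It states: "At the same time, we are taking action to support our platform and comply with the many government mandates you've likely read about in the context of this war. Our legal team examines such mandates thoroughly, and we are complying with export controls and trade regulations as they evolve. This includes implementing stringent new export controls that are aimed at severely restricting Russia's access to technologies and other items it needs to sustain its aggressive military capabilities. Additionally, any government takedown notices we process are publicly posted because we believe that transparency is essential to good governance."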

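As is well known, the open source community has always used open source licenses to define the usage rights of an open source project. But according to recent media reports, many developers have begun posting statements on social networks saying that they may prohibit Russian programmers from using their code in the future. Although developers can freely use officially open-sourced software, code authors can set rules for the use of the code they develop, including refusing use of their code for a particular reason.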

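Alexandra Zhuravleva, managing partner of the law firm EBR, said of the issue: "Many licenses include sanctions-related clauses; if the United States and the European Union wish, they can impose sanctions that prohibit sanctioned parties from using open source software or architectures. Russian products would then be unable to obtain support and updates, and could not officially use such software." Without a doubt, when technology becomes tied to political warfare, it quietly affects many more innocent people and institutions.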

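In early February this year, Russia announced plans to build a domestic platform similar to GitHub by the end of 2022, to be operated by the Russian Foundation for the Development of Information Technologies. As part of this project, free software developed in Russia is to be made publicly available.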

As onlookers today, what can we take away from all this?

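Source code is an intangible asset of a company, and even of a country. In peacetime, hosting it with any provider may be perfectly fine. But we cannot guarantee that the future will turn out the way we expect. Keeping a backup of your code with a domestic provider, or even locally, is not being alarmist. In fact, besides the well-known GitHub, there are many excellent source code hosting providers in China, such as Gitee (码云) and CodeFever. CodeFever is one of the few Git services in China that supports on-premises deployment; it is full-featured, lighter-weight, and has a better-looking UI.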

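CodeFever's main features and commitments:
🆓 Free forever: provided free of charge permanently, so you never need to worry about paying
❤️ Fully open source: completely open source with nothing held back, and no compiled or encrypted code
🥬 Lightweight install: minimalist design that leaves out heavy, redundant features
⚡️ High performance: extremely fast, with very low server resource requirements; runs on 1 CPU core / 1 GB of RAM
♾️ Unlimited repositories: no limits on the number of repositories or on usage
⌨️ Code diff: highlighted comparison between different versions of committed code
🛤️ Branches and tags: full support for native Git features, helping you manage code more clearly
🙋‍♂️ Merge requests: supports multi-person collaboration, making code version control smoother
🙅🏻‍♀️ Branch protection: keeps code pushes safe and under control, and makes code review easier and clearer
👥 Team collaboration: supports multi-person teams, with roles and permissions configurable for each member
🖥️ Admin console: a super-administrator back end that lets the team leader manage all projects and user information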

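You can visit the CodeFever official website to deploy it and try it out; keeping your own code on your own server gives more peace of mind! Finally, may the world be at peace and war be no more ❤️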

The full text of "Our response to the war in Ukraine", published by GitHub CEO Thomas Dohmke on the GitHub website, is as follows:

As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.

GitHub is united with the people of Ukraine and the international community in condemning these horrific acts of violence against a sovereign nation and its people. We continue to monitor the events in Europe surrounding the unlawful Russian military invasion of Ukraine.

We care deeply about our global community, and many of us have loved ones all over the world, including in Ukraine, Russia, and other impacted regions. I grew up in East Germany during the Cold War, and I remember the happiness and optimism in the early 1990s that the world would come closer together. What we are witnessing now is something I never wanted to see again. It is devastating for the innocent people in Ukraine, and it is leading to feelings of helplessness and anger for those of us near and far away.

As the home of open source and the home for all developers, we take our role seriously in protecting open collaboration and the free flow of information in our interconnected community. This includes keeping the platform open and available to all developers, no matter where they reside. I want to share the latest updates on how we are responding as a company, as a platform, and as a global community of Hubbers.

Maintaining the integrity of our platform and company

GitHub is a powerful tool for communications, humanitarian work, and organizing for change, as well as for incredible technological advancement. We truly believe in the power of open source, so we will continue to work hard to keep our platform available and safe for all developers around the world. In parallel with our efforts to make sure GitHub is available to developers in all countries, we are continuing to ensure free open source services are available to all, including developers in Russia.

We are also committed to providing strong security capabilities that can prevent GitHub users and their accounts from compromise, and we urge developers to set up 2FA, ideally with WebAuthn, to protect their accounts.

At the same time, we are taking action to support our platform and comply with the many government mandates you’ve likely read about in the context of this war. Our legal team examines such mandates thoroughly, and we are complying with export controls and trade regulations as they evolve. This includes implementing stringent new export controls that are aimed at severely restricting Russia’s access to technologies and other items it needs to sustain its aggressive military capabilities. Additionally, any government takedown notices we process are publicly posted because we believe that transparency is essential to good governance.

Understandably, our community has had strong reactions to the conflict in Ukraine during this particularly stressful time. We are enforcing our Acceptable Use Policies and Community Guidelines to make GitHub safe for everyone. If you observe behavior that represents a potential violation of our Acceptable Use Policies or Community Guidelines, please report it.

The Community and Product Operations teams are monitoring conversations in our forums and making assessments that abide by our codes of conduct for community forum and public feedback. We will lock discussions that violate these codes of conduct.

Prioritizing Hubber safety and well-being

I want to be very clear: we stand by every Hubber around the world regardless of your nationality or country of origin. Your well-being is of the utmost importance and you have our full support.

Many of you have messaged me, the leadership team, and your managers looking for ways you can directly support those in Ukraine. GitHub always matches up to $15,000 in donations per Hubber annually, and the Social Impact team has shared a list of organizations in support of Ukraine where Hubbers can donate. I have personally donated to United Help Ukraine and the Benevity fund supporting Ukrainian refugees.

GitHub as a company is also donating $100,000 to Razom and matching an additional $200,000 of donations from employees to help support relief efforts in the region. This includes matching donations for any volunteering hours Hubbers spend working for charities and doing humanitarian work across the world.

I want to reiterate that we take our role seriously in protecting open collaboration and the free flow of information in our interconnected, global community. We will continue to closely follow the events and adapt as we learn more. And like many others around the world, we hope for a peaceful resolution for the people of Ukraine and other impacted communities. 💙💛

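Nice, one more code hosting tool. I'll find a server and try installing and deploying it, haha. I've been using Gogs all along, which is also a fairly lightweight code management platform. I wonder how codeforever compares with it.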

In reply to koosol

codefever is very well optimized for performance; it runs on 1 CPU core / 1 GB of RAM

I usually keep mine on gitee 😂
