There was a "situation" at work. We were publishing a high-profile project (take a wild guess) on GitHub. We had received abuse and were worried that someone might target the programmers who worked on the project. Obviously, we take cyber-security seriously, but how do we deal with personal-security?
Here are the options we considered:
- Get everyone to sign up for a secondary GitHub account to use for this project.
- Redact the history so no-one could see personal information.
- Use the same GitHub credentials for everyone.
There are problems with all the above approaches. Additional accounts are a huge administrative and cognitive burden. Scrubbing the history on publication doesn't facilitate transparency. And sharing login details? Yeuch!
So what could we do?
GitHub has a nifty feature - it allows you to commit on-behalf-of an organisation.
With a simple change to your commit message, you can show that you're working on behalf of an organisation. Handy if you want to separate your commits into personal and professional. Or if you're a member of multiple organisations.
Here's what we wanted - publish as an organisation!
I'd like to sketch out how this might work - then I'd like some criticism from you on why it's bad idea.
- As an @Organisation on GitHub
- With a team of authorised members
- I want all the public commits from the team to show as coming from the @Organisation
- So that I can preserve the privacy of the authorised members
(This could also work by committing as the team.)
- Add a team to GitHub
- Populate it with members
- Flick on this option:
Any member of the team can see that this commit came from Alice and that commit came from Bob. But people outside the team would just see both of those commits coming directly from the organisation.
This enables the team to see who made which changes, but keeps it private for everyone else.
Does this lull developers into a false sense of security? If the commit message still says "Asked to add this by @alice. Yours sincerely, @bob" then privacy is compromised.
Is this even possible with the git protocol? Teams are a part of GitHub - but I don't think they're part of the specification. Would this screw up the cryptographic signing of commits?
Part of open source is transparency. Do we want to lose that?
GitHub would be able to de-anonymise you. But you're already trusting them with parts of your infrastructure anyway.
Is this useful - or am I barking up the wrong tree?