Reply to post: Git is a risk to any organisation

Uber quits GitHub for in-house code after 2016 data breach

aaaa
Git is a risk to any organisation

Git is a risk to any organisation trying to protect their Intellectual Property (IP), specifically:

- lack of security, particularly at file/branch level

- lack of auditing

- lack of centralised management tools (because it's distributed).

- lack of version history: if a developer 'loses' the repository, all that remains is what they 'published' or what was 'pulled' by the release process, easily less than 1 in 100 revisions.

Linus wrote Git because he was sick of having to do so much merging work - it doesn't get rid of the work - it pushes the work out to other people. Git is awesome if you are Linus - or working in a similar environment without IP and with volunteers/academics and where you can make everything everybody else's problem.

Git is rubbish at Commercial IT.

All the data breaches associated with GitHub show that GitHub makes it easy to upload things you shouldn’t to publicly accessible repos (or at least repos not secured by SSH keys or 2FA). The on-premise solution we use (trying not to drop names) is designed exactly the opposite way. By default nothing is publicly accessible and you’d have to go to a lot of trouble to make it accessible, and then to enable anonymous access. It’s called security by design.
