acaudwell / Gource

software version control visualization
https://gource.io
GNU General Public License v3.0
11.54k stars 723 forks

Is Gource safe to use on private repos? #298

Closed sheldonreddy closed 1 year ago

sheldonreddy commented 1 year ago

I'd love to run Gource on a private repo which has a lot of intellectual property and many devs contributing.

Needless to say, it would be a disaster if any of the source code was exposed publicly due to Gource.

I'd like to confirm Gource does not expose any data from private repos.

Thanks

mschilli87 commented 1 year ago

@sheldonreddy: You can run Gource locally on a Git checkout using a machine (e.g. a VM) that is not connected to the internet. For good measure you could copy the resulting video file on physical media and destroy the (virtual) machine. :wink:

hervelemeur commented 1 year ago

Just for the sake of it, in the generated video, folders, filenames, authors and dates are potentially exposed.

mschilli87 commented 1 year ago

@hervelemeur: Fair point, but @sheldonreddy is in control of whom that video gets shared with. Also it is possible to anonymise these data in the video by adjusting the Git log before passing it to Gource.
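
The log adjustment mentioned in the comment above, as an added example that is not part of the original thread and not Gource's own code. It assumes the log was exported with `gource --output-custom-log` in Gource's pipe-delimited custom format (`timestamp|username|type|file|colour`); the function names and sample lines are hypothetical.

```python
import hashlib
import hmac
import os
import posixpath

def _token(key, kind, value, n=10):
    """Stable keyed pseudonym: equal inputs map to equal tokens under one key."""
    msg = f"{kind}\x00{value}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:n]

def anonymise_path(key, path, keep_ext=True):
    """Replace each path component, keeping tree shape (and extension for colouring)."""
    parts = [p for p in path.split("/") if p]
    if not parts:
        raise ValueError("empty path")
    out = []
    for depth in range(1, len(parts)):
        # Hash the cumulative prefix so equal names in different places do not collide.
        out.append("d_" + _token(key, "dir", "/".join(parts[:depth])))
    ext = posixpath.splitext(parts[-1])[1] if keep_ext else ""
    out.append("f_" + _token(key, "file", "/".join(parts)) + ext)
    return "/" + "/".join(out)

def anonymise_line(key, line, keep_ext=True):
    """Rewrite one 'timestamp|username|type|file[|colour]' entry; fail closed on bad input."""
    fields = line.rstrip("\n").split("|")
    if len(fields) not in (4, 5):
        raise ValueError(f"unexpected field count: {len(fields)}")
    ts, user, change, path = fields[:4]
    if not ts.isdigit() or change not in ("A", "M", "D"):
        raise ValueError("malformed timestamp or change type")
    fields[1] = "dev_" + _token(key, "user", user, 6)
    fields[3] = anonymise_path(key, path, keep_ext)
    return "|".join(fields)

def anonymise_log(lines, key=None, keep_ext=True):
    """Anonymise a whole log; a fresh random key makes tokens unlinkable across runs."""
    key = key or os.urandom(32)
    return [anonymise_line(key, ln, keep_ext) for ln in lines if ln.strip()]

# Constructed sample input (not from a real repository).
SAMPLE = [
    "1700000000|Alice Example|A|/billing/engine/pricing.py",
    "1700000600|Bob Example|M|/billing/engine/pricing.py",
    "1700001200|Alice Example|A|/billing/README.md|FF0000",
]

if __name__ == "__main__":
    print("\n".join(anonymise_log(SAMPLE)))
```

The rewritten log can be fed back with `gource --log-format custom`. Timestamps are left unchanged, so commit dates remain visible in the video.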

sheldonreddy commented 1 year ago

@hervelemeur @mschilli87 Thank you for your responses and the suggestion - definitely will be going the route of running it on an isolated machine. Not too fazed about the video data as I won't be distributing it - only using it in a video but I am glad I can anonymise it if need be :)

Thanks all - appreciate it!

acaudwell commented 1 year ago

Just for the record, Gource just runs the git log command to get the history, and it doesn't do any network requests.

E.g. if you want to fetch gravatars of your users you need to do that yourself.