Is this project being public intentional?

[1sp]

Assuming that we are developing for a private project - Is this being public project intentional?

Right now anyone on github can see the project, issues and their follow-ups.

[jboz62]

Not sure, I asked them about it via email, but didn’t hear any response about it, didn’t seem to be a concern. As long as someone needs access to commit changes, I think we’re ok. Katherine can comment on that if there’s an issue.

On Apr 17, 2016, at 2:15 PM, Sudhir notifications@github.com wrote:

Assuming that we are developing for a private project - Is this being public project intentional?

Right now anyone on github can see the project, issues and thier followups.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/meetinghouse/cms/issues/240

[meetinghouse]

I don't feel too concerned about this as long as only collaborators have access to commit any changes. If you'd rather lock it down that is okay too. Sudhir, if you think there is a risk at leaving this as it is, please tell me.

Sincerely, Katherine Johnson, Research Director Corbett Research Group http://www.restorationtrades.com "Web Marketing that Works"

Publishers of:

The Custom Building & Restoration Trades Directory http://www.restorationtradesdirectory.com

The Building Arts Notebook, "Journal of the Guild of Building Artisans" http://buildingartisansguild.com/

Email: katherine@restorationtrades.com Phone: (413) 475-3154

On Sun, Apr 17, 2016 at 2:27 PM, jboz62 notifications@github.com wrote:

Not sure, I asked them about it via email, but didn’t hear any response about it, didn’t seem to be a concern. As long as someone needs access to commit changes, I think we’re ok. Katherine can comment on that if there’s an issue.

On Apr 17, 2016, at 2:15 PM, Sudhir notifications@github.com wrote:

Assuming that we are developing for a private project - Is this being public project intentional?

Right now anyone on github can see the project, issues and thier followups.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub < https://github.com/meetinghouse/cms/issues/240>

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/meetinghouse/cms/issues/240#issuecomment-211076162

[1sp]

I raised the concern because this code drives many production sites and is under development. Bugs and other critical technical information could be used as exploits to launch attack on the production sites as the system architecture and information flow is all visible to public. Katherine , I would still recommend to make this project a private one. (Many of my projects run as private projects on bitbucket.org due to similar concerns - bitbucket allows creating private projects for free for small teams)

[meetinghouse]

I see what you are saying here. I will look into it.

Sincerely, Katherine Johnson, Research Director Corbett Research Group http://www.restorationtrades.com "Web Marketing that Works"

Publishers of:

The Custom Building & Restoration Trades Directory http://www.restorationtradesdirectory.com

The Building Arts Notebook, "Journal of the Guild of Building Artisans" http://buildingartisansguild.com/

Email: katherine@restorationtrades.com Phone: (413) 475-3154

On Tue, Apr 19, 2016 at 2:29 PM, Sudhir notifications@github.com wrote:

I raised the concern because this code drives many production sites and is under development. Bugs and other critical technical information could be used as exploits to launch attack on the production sites as the system architecture and information flow is all visible. Katherine , I would still recommend to make this project a private one. (Many of my projects run as private projects on bitbucket.org due to similar concerns - bitbucket allows creating private projects for free for small teams)

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/meetinghouse/cms/issues/240#issuecomment-212058381

[jboz62]

@meetinghouse John, in the interest of this repository being private, we may want to consider moving to Bitbucket which is the Git for businesses. It will give you a private repo for free for up to 5 users. We can transfer everything from Github over to there, as well: https://www.topdraw.com/blog/moving-from-github-to-bitbucket-why-and-how/

Something to think about as it would be a good idea to make this repository private for security as you grow the company.

[jboz62]

@vivek-chaudhari Vivek, can this repo be moved to Bitbucket with all of the data? It looks like Forge works with Bitbucket, but we'd have to delete the Github connection and reconnect with Bitbucket. Thoughts?