outmoded / hapi-contrib

Discussion forum for project contributors

Private repositories and users #106

Closed hueniverse closed 5 years ago

hueniverse commented 7 years ago

GitHub gave the hapijs organization unlimited private repositories and users. Not sure how we should use it but know that we now have this. Could use it for new projects before they are ready or for semi-private repos for discussions that are more sensitive such as security.

Marsup commented 7 years ago

Why the honor?

hueniverse commented 7 years ago

They have a new thing for maintainers, and when you are invited they ask if you want to apply a free unlimited coupon to one of your orgs. I said sure.

devinivy commented 7 years ago

That was kind! I'm sure we can make some good use of it.

> Could use it for new projects before they are ready or for semi-private repos for discussions that are more sensitive such as security.

These both make sense to me, especially the latter. I could also imagine anything involving financials possibly living in a private repo. For example, if we were to plan a conference, we might want to keep the spending details semi-private.

ldesplat commented 7 years ago

It is also a great place to put integration tests for Bell since secrets stored in Travis or elsewhere will have less chance of getting exposed.

EDIT: Never mind, I don't think I thought this through since private repos are not free in Travis...

AdriVanHoudt commented 7 years ago

I agree on the security point. I would like to advocate only using these if they are really necessary, though. I think the more we do in the open the better.

nlf commented 7 years ago

as a place to file and track security issues would be nice. i guess there's a chance that some governance issues might be best discussed in private too, but it hasn't really been a problem historically.

@ldesplat raises an interesting point about integration tests for projects that require secrets. travis may charge for private repos, but we do have a fairly large donated server that we could run our own CI service on for that purpose if there's a call for it.

i tend to agree with doing as much as possible in the open other than that. i'm certainly not against new projects starting out as private repos until they're in a state where they're ready for consumption, though.