this post was submitted on 17 Jun 2023
Do you mean "cloud services"? Maybe your colleagues don't want them there.
For PCI-DSS relevant code, we only use internal systems.
I don’t see how this would be compliant with literally anything.
It's actually fine, as long as you coordinate with them.
They offer services that cater to just about any compliance need, including things as annoying as FedRAMP.
I would have to agree on this; it seems rather odd, if the code repo is confidential or classified, for it to be shared on a Windows Share. The reason why we would use Git services (self-hosted) is so that we have a multitude of security services/layers maintained by a dedicated team of system administrators, such as firewall, service updates, data redundancy, backup, Active Directory and so forth.
I can see a scenario where people accidentally put classified repos or information that isn't supposed to be shared on a Windows Share, where unauthorized users could view those repos.
That may be the case, but the original engineers have made other highly questionable decisions: the backend service was written in Java 8...just last year!
That doesn't sound questionable, but somewhere between stubborn and stupid. Unless that thing is supposed to be deployed to a heavily outdated system where nothing newer than Java 8 will run, that is.