From ff4a45effb49b5935ba46ca0f17221062bd28d52 Mon Sep 17 00:00:00 2001 From: Sytse Sijbrandij Date: Thu, 18 Sep 2014 09:41:38 +0200 Subject: Add information on information exclusivity. --- doc/security/README.md | 1 + doc/security/information_exclusivity.md | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 doc/security/information_exclusivity.md diff --git a/doc/security/README.md b/doc/security/README.md index b89e8cbe020..f88375f2afd 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -2,3 +2,4 @@ - [Password length limits](password_length_limits.md) - [Rack attack](rack_attack.md) +- [Information exclusivity](information_exclusivity.md) diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md new file mode 100644 index 00000000000..f6f89ce58a9 --- /dev/null +++ b/doc/security/information_exclusivity.md @@ -0,0 +1,8 @@ +# Information exclusivity + +Git is a distributed version control system (DVCS). +This means that everyone that works with the source code has a local copy of the complete repository. +In GitLab every project member that is not a guest (so reporters, developers and masters) can clone the repository to get a local copy. +After obtaining this local copy the user can upload the full repository anywhere, including another project under their control or another server. +The consequense is that you can't build access controls that prevent the intentional sharing of source code by users that have access to the source code. +This is an inherent feature of a DVCS and all git management systems have this limitation. -- cgit v1.2.1 From 664b433afef12b12d93fac078826ad6fc7c492f5 Mon Sep 17 00:00:00 2001 From: Sytse Sijbrandij Date: Thu, 18 Sep 2014 09:44:12 +0200 Subject: Add explanation about unintentional sharing. --- doc/security/information_exclusivity.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md index f6f89ce58a9..127166ae2e7 100644 --- a/doc/security/information_exclusivity.md +++ b/doc/security/information_exclusivity.md @@ -6,3 +6,4 @@ In GitLab every project member that is not a guest (so reporters, developers and After obtaining this local copy the user can upload the full repository anywhere, including another project under their control or another server. The consequense is that you can't build access controls that prevent the intentional sharing of source code by users that have access to the source code. This is an inherent feature of a DVCS and all git management systems have this limitation. +Obviously you can take steps to prevent unintentional sharing and information destruction, this is why only some people are allowed to invite others and nobody can force push a protected branch. -- cgit v1.2.1
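Review bot: In the first commit's new file doc/security/information_exclusivity.md, the sentence beginning "The consequense is that you can't build access controls" misspells "consequence", and the typo is carried into the context lines of the second commit. Please fix it before merge. In the same hunk, "everyone that works with the source code" and "every project member that is not a guest" would read better with "who". The parenthetical "(so reporters, developers and masters)" could become a plain list of the roles that can clone, so a reader skimming for who has access finds it directly.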
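Review bot: In the second commit, the added line "+Obviously you can take steps to prevent unintentional sharing and information destruction, this is why ..." is a comma splice, and it introduces "information destruction" although nothing earlier in the page mentions it. Suggest dropping "Obviously", splitting it into two sentences, and tying each control to the risk it addresses: restricting who is allowed to invite others limits unintentional sharing, and disallowing force pushes to a protected branch limits destruction of information. It would also help to state that these controls do not change the limitation described in the preceding lines, since a member with clone access still holds a full local copy.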