I just joined a new team (very small: four developers in total, with two of those leaving soon). The two original developers set up the git repo on a folder in a Windows network share.
Am I taking crazy pills, or is that a bad idea? Our organization does have github/gitlab/bitbucket available, so is there any good reason not to use those hosted solutions?
Do you mean “cloud services”? Maybe your colleagues don’t want them there.
For PCI-DSS relevant code, we only use internal systems.
I don’t see how would this be compliant with literally anything.
It’s actually fine, as long as you coordinate with them.
They offer services that cater to just about any compliance need, including things as annoying as fedramp.
I would have to agree on this, it seems rather odd if the code repo is confidential or classified to be shared on a Windows Share. The reason why we would use Git services (self-hosted) is so that we have multitude of security services/layers maintained by dedicated team of system administrators such as firewall, service update, data redundancy, backup, active directory and so forth.
I can see a scenario where people accidentally put classified repos or information that aren’t supposed to be shared on Windows Share where unauthorized users could view that repos.
That may be the case, but the original engineers have made other highly questionable decisions: the backend service was written in Java 8…just last year!
That doesn’t sound questionable, but somewhere between stubborn and stupid. Unless that thing is supposed to be deployed to a heavily outdated system where nothing newer than Java8 will run, that is.