I'm working on a social media site and I'm the only engineer, but now I need to hire people to get things going faster and I'm worried about the source code.

How should I go about protecting the source code? I thought of obfuscating the source code and making documentation, I thought of making an external API, and I also thought of not doing anything and just trusting the people I'm hiring.

I'm going to hire freelancers, and since they won't be working in the same office as I am, I'm interested to see what the best practices are.

Any help is appreciated!

Edit: I'm using Git as my source control system

A: 

Get a source control system running.

glasnt
I'm currently using Git, the problem is not how to distribute the code to freelancers, the problem is how to protect the source code.
Cerim
In that case you should update the question saying that. There may be Git experts that can link you to resources to help with that control system, there may be obfuscation apps, for example.
glasnt
I just updated my question, thanks!
Cerim
+2  A: 

You can't. The freelancers will need the code to work on it. The best you can do is provide them only with the minimum amount of code they need.

Obviously if they leak it they would be breaking the law, but it would be difficult to prove in a court.

Andreas Bonini
Indeed, if people need to help you with an existing app, you need to have them look at it. If it is possible to isolate parts of the app, do so in branches and use access protection. Other than that, it's a social/legal problem.
deceze
+1  A: 

You've got two problems--the technical problem and the social problem. The social problem is generally approached by making anyone who works on the project sign an NDA. It doesn't guarantee anything, but at least it helps to make your intentions clear.

Edit (re: comments) As for the technical problem, a commercial distributed source control system like Code Coop might attend more to your secrecy concerns (in relation to open source solutions), but I've never used it, so I can't say for sure.

Another option is to run your project through a "geographically distributed" company that does outsourced product development, like Art & Logic. I've never worked with them either, but from what I can tell, they run all their projects in a manner similar to what you're describing.

datageist
Re: Relisoft, "I've never used it, but the concept is interesting": Is that concept any different from git or Mercurial or bazaar?
Thilo
Ha, so used to seeing Git projects hosted on github that I didn't realize it was distributed :) Shows how much I'm used to working with cvs/svn code. I still think the commercial angle is more likely to attend to his privacy concerns, but maybe not.
datageist
A: 

Most of the following is free, open-source software:

  • Source Control - Set up (secure) source control; Subversion (SVN), CVS, Git, or what have you.

  • Automated Build - Set up an automated build that runs (at least) nightly, and emails developers when a build break occurs (via email list server).

  • Developer Wiki - Set up a (secure) Wiki for the developers to communicate technical stuff through.

Most importantly:

  • If you're working with new developers/contractors, keep a very close eye on what each developer is producing until you've had enough time to feel comfortable with their working unmonitored. If you don't pay attention, you will end up with an unusable bird's nest of crap source code.

Other nice-to-haves

  • Automated Unit Tests - Run as part of the scheduled build. There are unit test frameworks out there like JUnit, CppUnit, etc.

  • Automated Documentation - Generated as part of the scheduled build, and available via (secured) http. JavaDoc and Doxygen are such generators.

  • Bug Reporting/Tracking - Someplace for developers and testers to keep track of open issues. BugZilla is free. FogBugz is supposed to be awesome.

Scott Smith
How does that protect the source code in any way?
mxp
@mxp - You're right. I misread this question originally. I thought the OP was asking about best practices when using freelancers. I was thinking 'protect' the code, as in 'keep things from turning into a giant rat's nest'.
Scott Smith
+1  A: 

I have the same problems as yours.

1st, I ask my development team if they know any freelancers (friends with any). Usually they tell me about the best and the most trusted because they know them.

2nd, choose freelancers that have already worked on other projects. If someone trusted them before me, then I "may" be able to have a little trust in them.

3rd, divide the project as much as possible. Try your best to distribute the tasks independently; in this way the freelancer will not have the complete project, he'll only have the parts he will be working on.

4th, don't inform a freelancer about other freelancers working with you, so they won't be able to combine their code together and leak it.

scatman
A: 

They obviously need the code to work on. But maybe there is a possibility to protect against leaking of the code.

Have a branch for each freelancer and give each freelancer only read/write access to their respective branch. Don't give them access to anything else. Each branch should contain your trunk code, but with some unique changes per branch. This could be for example changing the names of some variables or functions. With this setup you might be able to trace back a leak to one branch.

You will have to be careful in setting up the separate branches with their unique changes, so that it is not visible in the history of those branches.

Otherside
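The per-branch marking described in the answer above, sketched as an added example (it is not code from the original post). The identifier list, the suffixes, the sample file and the freelancer names and codes are all hypothetical, and the registry is assumed to be stored outside the repository.

```python
import re

# Constructed sample: trunk identifiers that can be renamed without changing behaviour.
MARKABLE = ["tmp_buf", "row_idx", "retry_cnt"]
# Hypothetical neutral suffixes; one is chosen per identifier per recipient.
VARIANTS = ["_val", "_cur", "_loc", "_ref"]

def spellings(code: int) -> list[str]:
    """Map a recipient code to one spelling per identifier (base-4 digits of the code)."""
    if not 0 <= code < len(VARIANTS) ** len(MARKABLE):
        raise ValueError("code out of range for this many identifiers")
    out = []
    for ident in MARKABLE:
        code, digit = divmod(code, len(VARIANTS))
        out.append(ident + VARIANTS[digit])
    return out

def watermark(trunk: str, code: int) -> str:
    """Produce the copy of `trunk` to commit on the branch of recipient `code`."""
    for ident, marked in zip(MARKABLE, spellings(code)):
        trunk = re.sub(rf"\b{re.escape(ident)}\b", marked, trunk)
    return trunk

def attribute(leak: str, registry: dict[str, int]) -> list[str]:
    """Return the recipients whose spellings best match a leaked fragment."""
    scores = {
        name: sum(bool(re.search(rf"\b{re.escape(s)}\b", leak)) for s in spellings(code))
        for name, code in registry.items()
    }
    best = max(scores.values())
    return sorted(n for n, s in scores.items() if s == best and best > 0)

# Constructed trunk file and a private registry of distinct recipient codes.
TRUNK = (
    "def load(rows):\n"
    "    tmp_buf = []\n"
    "    for row_idx, r in enumerate(rows):\n"
    "        retry_cnt = 0\n"
    "        tmp_buf.append((row_idx, r, retry_cnt))\n"
    "    return tmp_buf\n"
)
REGISTRY = {"freelancer_a": 5, "freelancer_b": 6, "freelancer_c": 25}

if __name__ == "__main__":
    leak = watermark(TRUNK, REGISTRY["freelancer_b"])
    print(attribute(leak, REGISTRY))
```

A fragment that contains only some of the marked identifiers can match more than one recipient, which is why `attribute` returns a list rather than a single name.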
A: 

I say you trust the people working for you. If you don't trust that the freelancers will respect you and your code, you shouldn't be hiring them.

ItzWarty
A: 

At one point you must make the decision to trust someone you do business with.

sibidiba