Is it safe to download code from GitHub? [closed] - github

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I'm fairly new when it comes to using GitHub, so I'm a bit skeptical when it comes to downloading repos and running them on my machine. I am looking at a key logger right now, for personal use (fun) and not to do anything malicious.

Nothing that you download from the internet is 100% safe. However, you can generally gauge the safety of code on Github by the following factors:
# of Contributors/Commits: This tells you that there are a lot of people working on it, not just a single bad actor. While it is possible that it is a group conspiracy to infect users' computers, a larger # of people working to improve the code is generally a good sign.
# of Stars: Basically shows how many people are interested in the project. You can take this as a crowd-verified reputation system of sorts. If a lot of people are interested, it is likely not malicious.
Activity: Are people updating it, fixing bugs, etc? Ensure that there aren't open unaddressed bugs.
In terms of quality, you should also look for good documentation and the existence of unit tests to check that the code is clean.

As with anything you download over the internet, there could be malicious stuff when you download anything, some antivirus quickscan keep novices happy, most do automatically nowadays as people use the files.
When you do compile it and run it, well, it is assumed you KNOW what the program is when you compile you will have all the source code for it to compile. If the program is communicating with the internet through a backdoor, the backdoor should be pretty elaborate and is often not some simple 1 line of code (If the program is using any 3rd party linked libraries, checkout the libraries themselves).....security concern can go on and on.
but in the end, if you trust the dev who are working on the tree, download and run it. GitHub has pretty secure end-to-end transmission, and you can check the integrity of the repo with checksums to virtually eliminate the man-in-the-middle stuff.

Related

Which content management to choose when developing is crucial [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have been evaluating DNN over a few months. It has it´s pros and cons. I find it hard to evaluate systems by reading articles and don´t have time to check them all on my own.
What are your general feeling about this?
As my background is with .net, which system would you choose?
Also, does anybody know if these pages at stack overflow is based on a CMS and if so which?
Since everyone would rather spend more time criticizing your post than answering it, I'll give it a shot.
You have a few options with building a portal. Either go with an established, open source portal (like DNN), look into some paid solutions or build your own.
Open Source - I've worked with DNN and MojoPortal. DNN is a little slower and has a few more requirements to develop skins and modules, but it has A LOT more features and some of the free/paid modules are really cool. Overall, DNN wins here, but if you don't need a large portal and you want to keep development really simple, MojoPortal might be better. MojoPortal has a few nice features that makes it easier to configure.
Open Source (Other) - There are tons of them out there. Orchard is one I'm thinking of because I'm interested in MVC. But, it's still young in terms of features and support.
Umbraco - I can't really speak to this because I have not used it, but it does have some popularity.
Build it - This is an option and allows the most flexibility, but it takes a lot of time and so many features that are built into these portals could be left out. Role based access, page management, page/module permissions, downloadable modules, profile/profile properties, file management, skinning, acct management, menu management, event logs, etc
I left out non .NET solutions like ones based on PHP, Grails, etc because you are a .NET developer. There is plenty out there, but sticking to .NET will help speed your development up.... unless you are just wanting to learn something new.
Hope this helps.

How to maintain a small repository of bash/python scripts [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
For the past several years, I've been making small (single file, 1-500 line) scripts (mostly bash & python) to automate random tasks (usually scientific data analysis). Most of these end up being one-offs, but sometimes I want to go back and revisit/change something, or end up with a rather unwieldy script that could benefit from some sort of version control. I should note that all of these scripts are done solely on my own, and don't necessarily need to be share-able.
Which type of versioning (SVN,CVS,git,Mercurial..) Has the simplest command structure/syntax for my use case? More importantly, the machines I connect to are behind rather finicky kerberos walls, so I'm not looking for any sophisticated server-based implementation.
I found this thread from 2010 asking a similar question, though it didn't really talk about specific options, just whether or not I should be using a single repository.
In short, which versioning system allows for simple same-directory approach with minimal bells & whistles (only checkouts and commits needed)?
Should I set up some sort of subversion/CVS/git repository and just throw everything in?
Yes.
For your use-case, I suppose, SVN can be best choice (with URL-based access to every object in repo you can easy and fast get access to any single file any revision of file and for your linear history "not the best" merge in SVN isn't problem). Local file:///-based repository will require minimum of maintenance. You can use single-repository, flat tree (all files in /trunk)

Can GitHub be used for writing a collaborative article? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I am contemplating writing a useful article in a field of my interest. There are many others (about 10-15) people interested in peer reviewing and collaborating on the same. I am not a prolific programmer, but I understand how GitHub works for version control.
Can I use it for writing a 4-5 page collaborative article (version control is very important part) or do you think a better alternative exists?
You certainly could, but I don't know if it's the best choice. A couple of questions come to mind. Is this a text-based document format or are you planning on doing your writing in something like MS Word? If the former then I think it could work well. If the latter I would say it may be less effective.
What about your other collaborators? Are they savvy enough to use a DVCS? That would have some influence as well. I don't know how strongly you need the document versioned, but I could see using git as overkill.
I've found that using Google Docs works well and has a revision history, although it's obviously not as robust as would be found in a VCS.
I think it would work great. The Ruby on Rails guides are on a publicly write/readable repository at GitHub, for instance. You get get Git things for free (branches, blame, general version control features), plus you'll have a reliable backup and publishing mechanism if you like.
Given that the contributers are computer literate enough to successfully use Git, that is.
If you write it in Markdown, you can throw inline HTML into it (just by itself like you can do on Stack Overflow). Easy to write, easy to style, etc.
You can, but on the other hand:
Most wikis allow rich-content pages easyly, are ready for collaborative editing and have versioning and version-management embedded in the core.
One promissing recent development is penflip (https://www.penflip.com/) which was created with the idea of being a "github for text".
Check this article to learn about the author's ideas http://madebyloren.com/github-for-writers
Consider using google docs. They have some kind of version control. And it is much more suitable for this kind of work.

Compare Harvest to other source control systems? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
From the top, "source control" seems like a bad way to describe CA Harvest; it's a deployment control system, and it's actually pretty good at just deploying code. I've found it to be lacking when doing source control tasks, though.
If you've used Harvest;
what did it do right?
what couldn't it do?
what did it do with a workaround so hackish it took 3x longer than you'd expect?
(Someone correct me if I'm wrong.) Harvest seems awesome for deployment control, enforcing steps along a deployment lifecycle, and getting a chain of approval for deployments to production. That said, it's missing on the developer-friendly side.
It seems like I need to use the Workareas; they let me put all the code on my local machine, so I can do development.
With Workareas, I can only synchronize from the repository, but not get a report of what just sync'ed in; I don't know what changed, or who changed it, or why.
To add comments to checkins using Workareas, you have to manually enable the functionality in the preferences, which is a huge red flag to me.
I can't seem to figure out how to find out what changed since a specific time; what changed since Friday at 5 PM, for example?
There aren't any atomic commits; I can't commit files as a group, then roll the group back later if something goes wrong. I can do it as a package, but that's heavyweight; a package should be able to contain hundreds of atomic commits/groups.
And worst of all, it's entirely unsupported by Stack Overflow and/or any other question-and-answer site I can find. If I can't figure it out... I'm shooting blind.
We're currently migrating away from Harvest.
Configuration management and code deployment. We have a pretty good process flow going.
Branching and merging. Horrible SCM tool really.
?

Versioning library like SQLite database library? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I like how SQLite library can be included into an application and the application has a full-fledged database to use.
Similarly, is there an open source versioning library that I can include into my application so that I can save versions of files as well as do diffs and merges?
SVN doesn't require any prerequisites on end user machine. You can embed SVN right into you app. To learn more on subversion integration, visit "Application Integration/Embedding" thread on SVN forum.
Answering my question myself, I recently discovered hgshelve and gitshelve that is almost exactly what I was looking for.
I am not entirely sure what you mean by "included in an application", as you could potentially deliver any library so long as the licensing allows. Are you referring to the fact that sqlite is small or that it is public domain?
Mercurial is a similarly lightweight piece of revision control software. If you are writing your application in python, which is likely since python now includes sqlite3, importing features directly from mercurial's source code should not be too difficult. Otherwise there's no shame in invoking commandline processes, though this may be clunkier. Mercurial is not public domain, but it is GPL'd.
Mercurial is also my personal favorite among modern revision control systems. It's leaps ahead of CVS and Subversion, and very similar to GIT although somewhat simpler to use.
You might want to look at fossil, an scm tool written by the author of sqlite. I don't know how easy it is to embed, but it is a single file executable so it should be quite easy to run from within your application.
Arguably, running it as a seperate process might actually be better than embedding since it won't slow down your app while it does what it does.
In my opinion Firebird is one of the best choices for embedded DB scenarios.
Also Microsoft SQL Server Compact (closed source, but free) might be suitable, however it less capable than Firebird.
EDIT:
I misread you question. If you don't need RDBMS, you can try to embed SVN to your application.