Collaborating Outside the Firewall with Git Fusion
Collaborating with external contributors on a software project is always challenging. You'll face a different set of challenges if your primary repository is Perforce or Git, of course. If you're working with a partner company or a consulting firm, you have to work out a lot of logistics:
- Your primary repository is behind your firewall. How do they access it securely?
- How do you limit their view of the data? They shouldn't be able to see everything you're working on. (This is the tricky part if your primary repository is Git. Splitting a partial set of data out of Git is challenging to say the least.)
Git Fusion provides a great solution for this situation: expose a carefully scoped, shared Git repository through Git Fusion.
Alternatively, if you prefer to only permit outbound SSH through your firewall, you can use an intermediary Git repository outside the firewall. This configuration is similar to an open source project where a trusted reviewer will accept and review contributions from external collaborators, before pushing changes to the 'master' repository. The external Git repository serves as a collaboration point for merging external and internal work, with an internal developer pulling changes back through the firewall to Git Fusion.
Using this deployment solves a few problems.
- The data accessible to the external users is the data exposed through Git Fusion views. You can be very selective about which files to share.
- The external users do get the full history of the shared data in their local Git repositories. That's better than working with 'code drops'.
- You only need to open the SSH port in your firewall. (Of course you can take other normal network precautions if you wish.)
- Communication outside the firewall is over SSH, a secure protocol.
- Git Fusion requires the use of public/private keys for authentication. A lost password won't compromise your data; a hacker would need to get someone's private key as well.
- You can quickly remove someone's public key to revoke their access.