Best practices for private and professional accounts

Hello,

I searched for a while now but found no clear answer.
GitHub recommends using one account for private and business use. For this you can use multiple mail addresses.
There is also documentation on what you (as an employee) should do if you leave. This also includes removing the mail address.

My question now is whether this can also be enforced by the company. Even if there is no access to repos anymore, it may become a problem if someone commits suspicious code under your company domain.

Any hints on how to handle this?

Malte

I don’t exactly get your question, but I can provide you with the following information:

You can associate as many mail addresses with your GitHub account as you want. If you go through a verification process, you can also verify your linked mail addresses. That is a good thing, because I could make a commit using Git with your mail address right now. But since your mail address is tied to your account, the contribution is yours. You can always add or remove mail addresses on your account. A company cannot enforce mail address removal from an account they don’t have the credentials for.

And yes, you should use separate accounts for work and private use.

More information: https://help.github.com/articles/about-commit-email-addresses/

If you have any more questions, I’d be happy to hear.

Hi Mark,

thank you for your help.
I was searching for a while now for the best practice for private and business use. There are several perspectives on this. The most relevant for me is the documentation from GitHub itself: “You can use one account for multiple purposes, such as for personal use and business use. We do not recommend creating more than one account.”
https://help.github.com/articles/differences-between-user-and-organization-accounts/

My question was how to claim a domain (for mail addresses) from a company perspective.

Let’s use this example:

  • User A works for a company and claims the mail address a@example.com as one of his GitHub addresses
  • User A leaves the company
  • User A commits explicitly bad code to a popular repo
  • This may not be in the interest of the company.

I think this is an “edge case” and I hope never to come into this situation. Nevertheless, it would be quite important to know. Because of this I’m searching for an option to “whitelist” the usage of this (mail) domain only for active colleagues. Also, a second user would not help with this issue, which is why the question is even more interesting.

Are there any hints on how to work with this? Or should I just accept the risk?

Many thanks

Malte

From a management perspective, I would do the following:

  • Give employees a company mail address (employee@company.com) - you probably are already doing this
  • Instruct the employee to create a new GitHub account with their company mail address - this address is then associated with the account
  • Add that account to your GitHub organization
  • Let the employee make their commits using that mail address - GitHub will link these commits to the user in your organization (this will be publicly visible)
  • Employee gets mad and quits
  • Kick the ex-employee out of the organization

At this point, publicly, the account has no relation to your company except the mail address. But that only indicates to users that this person ever had access to that mail address and doesn’t prove much. I wouldn’t be bothered by it. However, if you are paranoid enough, you can just buy a cheap domain like fkdjslkdjfklsdjf.com and let your employees use that domain as a commit mail address.

As for creating multiple accounts - I don’t think I would be a big fan of letting users use their personal accounts at work, but on the other hand it isn’t that big of a deal either. As with the mail addresses, just make sure to remove employees who have left the company from the GitHub organization.

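The "whitelist" Malte asked for cannot be enforced on GitHub's side, as the answer above explains: anyone can set any address in `git config user.email`, and a company has no control over an account it does not own. What a company can do is audit history for the pattern described in the thread (commits authored under the company domain by people who are no longer on the active-employee list). The script below is an added example for this thread, not code from GitHub or from either poster. It assumes the company domain is example.com (the thread's own example), that the active-employee list comes from your HR or identity-provider export, and that the log is read with `git log --format='%H%x09%ae%x09%an'` (tab-separated hash, author e-mail, author name). The sample log and the employee list are constructed for the example.

```python
"""Audit a Git history for commits authored under the company mail domain by
people who are not (or no longer) active employees.

Added example for this thread; not code from GitHub or from the posters.
Assumptions: the company domain is example.com, the active-employee set is
maintained from HR/IdP data, and the log format is the tab-separated one
produced by git_log() below.
"""
import subprocess
from dataclasses import dataclass
from typing import Iterable, List, Set

COMPANY_DOMAIN = "example.com"  # assumption: the domain used in the thread

# Constructed sample, formatted as `git log --format='%H%x09%ae%x09%an'` prints it.
SAMPLE_LOG = (
    "a1b2c3d4\ta@example.com\tUser A\n"
    "e5f6a7b8\tb@example.com\tUser B\n"
    "c9d0e1f2\tsomeone@example.org\tOutside Contributor\n"
    "deadbeef\tA@Example.COM\tUser A\n"
)

# Constructed allowlist: User A has left the company, User B is still employed.
ACTIVE_EMPLOYEES = {"b@example.com"}


@dataclass(frozen=True)
class Commit:
    sha: str
    email: str
    name: str


def normalize(email: str) -> str:
    """Lower-case and trim so A@Example.COM and a@example.com compare equal."""
    return email.strip().lower()


def is_company_address(email: str, domain: str = COMPANY_DOMAIN) -> bool:
    """True only for '<local>@<domain>' exactly; subdomains and other domains are not claimed."""
    local, at, addr_domain = normalize(email).rpartition("@")
    return at == "@" and bool(local) and addr_domain == domain.lower()


def parse_log(text: str) -> List[Commit]:
    """Parse tab-separated 'sha<TAB>email<TAB>name' lines; names may contain tabs."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, email, name = line.split("\t", 2)
        commits.append(Commit(sha, normalize(email), name))
    return commits


def unauthorized_commits(commits: Iterable[Commit], active: Set[str],
                         domain: str = COMPANY_DOMAIN) -> List[Commit]:
    """Commits under the company domain whose author e-mail is not on the active list.

    Addresses outside the company domain are ignored: the company has no claim on them.
    """
    active_norm = {normalize(a) for a in active}
    return [c for c in commits
            if is_company_address(c.email, domain) and c.email not in active_norm]


def git_log(repo_path: str) -> str:
    """Read the real history of a local clone in the format parse_log() expects."""
    return subprocess.run(
        ["git", "-C", repo_path, "log", "--all", "--format=%H%x09%ae%x09%an"],
        check=True, capture_output=True, text=True,
    ).stdout


if __name__ == "__main__":
    # Replace SAMPLE_LOG with git_log("/path/to/clone") to audit a real repository.
    for c in unauthorized_commits(parse_log(SAMPLE_LOG), ACTIVE_EMPLOYEES):
        print(f"{c.sha} {c.email} ({c.name}) is not an active employee")
```

Two caveats a practitioner should keep in mind. First, this detects rather than prevents: it can run over the company's own repositories (for example as a scheduled job or a server-side hook that rejects pushes whose author address fails the check), but for a third-party repository it can only flag the commit after the fact. Second, a hit only shows that someone used the address, which, as the answer above notes, proves nothing about who actually wrote the commit; treat it as a signal to investigate, not as attribution.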

Hey Mark,

thanks a lot for your answer. This helps me a lot. 🙂

Many regards

Malte