Best practices for private and professional accounts #22335

derBroBro · 2019-01-20T22:02:44Z

derBroBro
Jan 20, 2019

Hello,

I searched for a while now but found no clear answer.
Github recommends to use one account for private and for business use. For this you can use multiple mail-addresses.
There is also a documentation for what you (as employee) should do if you leave. This includes also to remove the mail address.

My question is now if this can also be enforced by the company. Even if there is no access to repos anymore it may become a problem if someone commits suspicious code under your company domain.

Any hints how to handle this?

Malte

Answered by mpboom

Jan 23, 2019

From a management perspective, I would do the following:

Give employees a company mail address (employee@company.com) - you probably are already doing this
Instruct the employee to create a new GitHub account with their company mail address - this address is then associated with the account
Add that account to your GitHub organization
Let the employee make their commits using that mail address - GitHub will link these commits to the user in your organization (this will be publicly visible)
Employee gets mad and quits
Kick the ex-employee out of the organization

At this point, publicly, the account has no relation to your company except the mail address. But that only indicates to use…

View full answer

mpboom · 2019-01-22T19:28:34Z

mpboom
Jan 22, 2019

I don’t exactly get your question, but can provide you with the following information:

You can associate as much mail addresses to your GitHub account as you want. If you go trough a verification process, you can also verify your linked mail addresses. That is a good thing, because I can make a commit using Git with your mail address right know. But since your mail address is tied to your account, the contribution is yours. You can always add or remove mail addresses to your account. A company can not enforce mail address removal from an account they don’t have the credentials of.

And yes, you should use a seperate account for work/private.

More information: https://help.github.com/articles/about-commit-email-addresses/

If you have any more questions, I’d be happy to hear.

0 replies

derBroBro · 2019-01-22T21:27:17Z

derBroBro
Jan 22, 2019
Author

Hi Mark,

thank you for your help.
I was searching for a while now what is the best practise for private and business use. There are several perspectives for this. The highest relevance is for me the documentation from github itself: “You can use one account for multiple purposes, such as for personal use and business use. We do not recommend creating more than one account.”
https://help.github.com/articles/differences-between-user-and-organization-accounts/

My question was how to claim a domain (for mails) from a company perspective.

Let’s use this example:

User A works for a company and claims the mail-address a@example.com as one of his github addresses
User A leaves the company
User A commits explicit bad code to a popular repo
This may not be in interest of the company.

I think this is a “edge case” and I hope never to come into this situation. Nevertheless it would be quite important to know. Because of this I’m searching for an option to “whitelist” the usage of this (mail)domain only for active colleagues.Also a second user would not help on this issue, why the question would be even more interesting.

Are there any hints how to work with this? Or just accept the risk?

Many thanks

Malte

0 replies

mpboom · 2019-01-23T10:47:06Z

mpboom
Jan 23, 2019

From a management perspective, I would do the following:

Give employees a company mail address (employee@company.com) - you probably are already doing this
Instruct the employee to create a new GitHub account with their company mail address - this address is then associated with the account
Add that account to your GitHub organization
Let the employee make their commits using that mail address - GitHub will link these commits to the user in your organization (this will be publicly visible)
Employee gets mad and quits
Kick the ex-employee out of the organization

At this point, publicly, the account has no relation to your company except the mail address. But that only indicates to users that this person ever had access to that mail address and doesn’t prove much. I wouldn’t be bothered by it. However, if you are paranoid enough for it, you can just buy a cheap domain like fkdjslkdjfklsdjf.com and let your employees use that domain as a commit mail address.

As for creating multiple accounts - I don’t think I would be a big fan of letting users use their personal accounts at work, but on the other hand it isn’t that big of a deal either. Just as with the mail addresses, just make sure to remove employees that have left the company from the GitHub organization.

0 replies

derBroBro · 2019-01-25T18:18:11Z

derBroBro
Jan 25, 2019
Author

Hey Mark,

thanks a lot for you answer. These helps me a lot. :slight_smile:

Many regards

Malte

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Best practices for private and professional accounts #22335

{{title}}

Replies: 4 comments

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Best practices for private and professional accounts #22335

derBroBro Jan 20, 2019

Replies: 4 comments

mpboom Jan 22, 2019

derBroBro Jan 22, 2019 Author

mpboom Jan 23, 2019

derBroBro Jan 25, 2019 Author

derBroBro
Jan 20, 2019

mpboom
Jan 22, 2019

derBroBro
Jan 22, 2019
Author

mpboom
Jan 23, 2019

derBroBro
Jan 25, 2019
Author