summaryrefslogtreecommitdiff
path: root/doc/security
diff options
context:
space:
mode:
authorSytse Sijbrandij <sytses@gmail.com>2014-09-18 09:41:38 +0200
committerSytse Sijbrandij <sytses@gmail.com>2014-09-18 09:41:38 +0200
commitff4a45effb49b5935ba46ca0f17221062bd28d52 (patch)
tree4c15e7932be5fd5ef8e41387468067b2059be283 /doc/security
parent01c101752da95b4d4d0caf4f36fd9f6aa87a272f (diff)
downloadgitlab-ce-ff4a45effb49b5935ba46ca0f17221062bd28d52.tar.gz
Add information on information exclusivity.
Diffstat (limited to 'doc/security')
-rw-r--r--doc/security/README.md1
-rw-r--r--doc/security/information_exclusivity.md8
2 files changed, 9 insertions, 0 deletions
diff --git a/doc/security/README.md b/doc/security/README.md
index b89e8cbe020..f88375f2afd 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -2,3 +2,4 @@
- [Password length limits](password_length_limits.md)
- [Rack attack](rack_attack.md)
+- [Information exclusivity](information_exclusivity.md)
diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md
new file mode 100644
index 00000000000..f6f89ce58a9
--- /dev/null
+++ b/doc/security/information_exclusivity.md
@@ -0,0 +1,8 @@
+# Information exclusivity
+
+Git is a distributed version control system (DVCS).
+This means that everyone that works with the source code has a local copy of the complete repository.
+In GitLab every project member that is not a guest (so reporters, developers and masters) can clone the repository to get a local copy.
+After obtaining this local copy the user can upload the full repository anywhere, including another project under their control or another server.
+The consequense is that you can't build access controls that prevent the intentional sharing of source code by users that have access to the source code.
+This is an inherent feature of a DVCS and all git management systems have this limitation.