Using GitHub in the DoD or US federal government
1,971 views
Skip to first unread message
Wheeler, David A
Oct 9, 2015, 6:34:12 PM10/9/15
to mil...@googlegroups.com
All:
Several people have privately asked me about using GitHub when supporting the US DoD or US federal government. I chatted with Jamie Jones and Ben Balter of GitHub about options; here's my attempt to summarize things (and my thanks to them for answering some questions). In short, if you choose to use GitHub, there are 3 main options depending on what you're trying to do:
1. If you're modifying or posting a pure open source software (OSS) project, you can just directly use freely-available GitHub.com site. Yes, even if you're in the DoD. Whatever's posted there becomes public, of course.
2. If you don't want some of the information public, you can create a private repository on the regular GitHub.com site. This will mean that your data is on GitHub's corporate systems. Many governments and companies trust GitHub to run private repositories for them, but whether or not your project can or will do that depends on the project and your organization. This is NEVER acceptable for classified work, obviously. Pricing information from GitHub about private repos is here: https://github.com/pricing . GitHub.com supports both personal private accounts and organization accounts, but governments typically get organizational accounts. Indeed, many government organizations already have accounts, but it can be a challenge to find out if yours is one of them. A partial list is here: https://government.github.com/community/ ; for US military and intelligence you can jump directly to https://government.github.com/community/#us-military-and-intelligence . In terms of GitHub.com usage you can see the NSA, NGA, ODNI, and Army all have public profiles.
3. If you want it private and putting the information on the regular GitHub.com site it not acceptable, you can pay for a "GitHub Enterprise" license and run the GitHub software on some other (separate) system. GitHub Enterprise is licensed per-seat (per-user); GitHub-the-company doesn't really care WHERE it runs. Basic info is here: https://enterprise.github.com/home
If you choose option #3 (GitHub Enterprise), you now have to figure out your hosting option (where will you RUN it?). Some hosting options:
1. AWS GovCloud. This is an isolated AWS Region designed to allow US government agencies and customers to run things, and complies with FedRAMP. Some useful URLs:
https://github.com/blog/2002-github-enterprise-now-on-aws-govcloud
https://aws.amazon.com/govcloud-us/
https://aws.amazon.com/compliance/fedramp/
2. Azure. More info: https://enterprise.github.com/microsoft/
3. (DoD) DISA hosting, e.g., the "Server Hosting" or its "Cloud Services" (including milCloud). Go to http://www.disa.mil/Enterprise-Services and click on "Computing".
4. Other hosting (e.g., on an internal system).
Sometimes your organization has something already set up that you could use, but it may be hard to find out where it is :-). GitHub is often contracturally required to NOT reveal its private customers; they could tell me that "GitHub.com and GitHub Enterprise is used within civilian agencies, DoD, and the IC at varying levels of classification and trust". A few options:
* Some organizations (mostly non-DoD) have a GitHub policy; if your organization has one, it should have that information.
* If you're US government, you can post a request on the mailing list https://github.com/government
* (For DoD) Post a request to MIL-OSS.
You can specifically contact GitHub about government-related issues by directly emailing gover...@github.com (this is a shared inbox that goes to the entire government team).
Also, a clarification. Please remember that git is open source software (OSS), GitHub is widely used to develop OSS, GitHub is internally implemented using OSS (at least Ruby on Rails per http://doeswhat.com/2012/03/06/interview-with-chris-wanstrath-github/ ), and GitHub has released some components it's built as OSS (e.g., task lists: https://github.com/blog/1930-task-lists-are-open-source). However, GitHub is not *itself* OSS.
This isn't an ad for GitHub; there are obviously multiple ways to support collaborative development (even if you're using git). That said, GitHub is obviously a very popular tool, and multiple people have asked me about it. I'm just trying to answer ONCE a question I've been asked multiple times.
--- David A. Wheeler
Several people have privately asked me about using GitHub when supporting the US DoD or US federal government. I chatted with Jamie Jones and Ben Balter of GitHub about options; here's my attempt to summarize things (and my thanks to them for answering some questions). In short, if you choose to use GitHub, there are 3 main options depending on what you're trying to do:
1. If you're modifying or posting a pure open source software (OSS) project, you can just directly use freely-available GitHub.com site. Yes, even if you're in the DoD. Whatever's posted there becomes public, of course.
2. If you don't want some of the information public, you can create a private repository on the regular GitHub.com site. This will mean that your data is on GitHub's corporate systems. Many governments and companies trust GitHub to run private repositories for them, but whether or not your project can or will do that depends on the project and your organization. This is NEVER acceptable for classified work, obviously. Pricing information from GitHub about private repos is here: https://github.com/pricing . GitHub.com supports both personal private accounts and organization accounts, but governments typically get organizational accounts. Indeed, many government organizations already have accounts, but it can be a challenge to find out if yours is one of them. A partial list is here: https://government.github.com/community/ ; for US military and intelligence you can jump directly to https://government.github.com/community/#us-military-and-intelligence . In terms of GitHub.com usage you can see the NSA, NGA, ODNI, and Army all have public profiles.
3. If you want it private and putting the information on the regular GitHub.com site it not acceptable, you can pay for a "GitHub Enterprise" license and run the GitHub software on some other (separate) system. GitHub Enterprise is licensed per-seat (per-user); GitHub-the-company doesn't really care WHERE it runs. Basic info is here: https://enterprise.github.com/home
If you choose option #3 (GitHub Enterprise), you now have to figure out your hosting option (where will you RUN it?). Some hosting options:
1. AWS GovCloud. This is an isolated AWS Region designed to allow US government agencies and customers to run things, and complies with FedRAMP. Some useful URLs:
https://github.com/blog/2002-github-enterprise-now-on-aws-govcloud
https://aws.amazon.com/govcloud-us/
https://aws.amazon.com/compliance/fedramp/
2. Azure. More info: https://enterprise.github.com/microsoft/
3. (DoD) DISA hosting, e.g., the "Server Hosting" or its "Cloud Services" (including milCloud). Go to http://www.disa.mil/Enterprise-Services and click on "Computing".
4. Other hosting (e.g., on an internal system).
Sometimes your organization has something already set up that you could use, but it may be hard to find out where it is :-). GitHub is often contracturally required to NOT reveal its private customers; they could tell me that "GitHub.com and GitHub Enterprise is used within civilian agencies, DoD, and the IC at varying levels of classification and trust". A few options:
* Some organizations (mostly non-DoD) have a GitHub policy; if your organization has one, it should have that information.
* If you're US government, you can post a request on the mailing list https://github.com/government
* (For DoD) Post a request to MIL-OSS.
You can specifically contact GitHub about government-related issues by directly emailing gover...@github.com (this is a shared inbox that goes to the entire government team).
Also, a clarification. Please remember that git is open source software (OSS), GitHub is widely used to develop OSS, GitHub is internally implemented using OSS (at least Ruby on Rails per http://doeswhat.com/2012/03/06/interview-with-chris-wanstrath-github/ ), and GitHub has released some components it's built as OSS (e.g., task lists: https://github.com/blog/1930-task-lists-are-open-source). However, GitHub is not *itself* OSS.
This isn't an ad for GitHub; there are obviously multiple ways to support collaborative development (even if you're using git). That said, GitHub is obviously a very popular tool, and multiple people have asked me about it. I'm just trying to answer ONCE a question I've been asked multiple times.
--- David A. Wheeler
Christopher Sean Morrison
Oct 13, 2015, 10:41:15 AM10/13/15
to mil...@googlegroups.com
11TB of LIDAR scan data for the UK made available:
https://environmentagency.blog.gov.uk/2015/09/18/laser-surveys-light-up-open-data/
Data and website are here:
http://environment.data.gov.uk/ds/survey#/download
Data is under the CC-BYesque Open Government Licence:
http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Cheers!
Sean
Reply all
Reply to author
Forward
0 new messages