Is it dangerous to keep code in gitlab and github
It's important to recall that even if git is the safest version control tool due to its hash check at every command you made, an important practice is to backup the repository from time to time...
Sometime for hardware or software failure but some other times to prevent lost of data due to human error.
And personal clone are not always sufficient.
As I mentioned in "Why does Git use a cryptographic hash function?", it is "safe" in term of data integrity (Linus Torvalds, 2007):
We check checksums that is considered cryptographically secure. Nobody has been able to break SHA-1, but the point is, SHA-1 as far as git is concerned, isn't even a security feature. It's purely a consistency check. The security parts are elsewhere.
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.Having a good hash is good for being able to trust your data
This has nothing to do with:
- privacy (which doesn't depend on Git itself, but on the Git hosting server, like gitHub or BitBucket)
- user identity (to really be sure about a commit user, as Thilo comments, you can sign commits (see "A Git Horror Story: Repository Integrity With Signed Commits")
The OP add:
what I mean is the owner of gitlab or github may steal our code
This is a question of trust: Does the git hosting server have access to your code if it is in a private repo? Technically yes.
Will they access your private code? As mentioned in "Can third party hosts be trusted for closed-source/private source code management?", nothing prevents them to.
Yet, many startups have their private code on, for instance, GitHub.
If you have real confidentiality concern, then it is important you keep the ownership of the all codebase, including the server where it is stored (meaning having your own Git repo hosting server).