Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A dedicated work account _where you use your work email address_... that was the missing part throughout this thread.

But then if you do that you also lose all your open source work history, which is important from a hiring/resume perspective.



One option for those so inclined is to cryptographically sign commits with a key that lists both work and personal email address (assuming your enterprise’s policy allows it). The employer retains control but you have a claim to credit for your work.


If we're discussing companies willing to go to lengths to scrub you from their GitHub history, they can still replace all commits you've signed with new commits. You likely have no legal rights to that work, and git does allow you to rewrite history arbitrarily.


It depends on the jurisdiction. In the US, copyright assignment is usually permanent. In the EU and Canada, you can claw back your rights to a degree and even revoke the usage altogether, if you manage to claw it back because they did "evil" things with it (moral rights).

In some cases (even in the US), if the employer does something that would be considered a "breach of contract", you can force them to remove all your code as well.

So, it would not be in the company's best interest to scrub their git history.


I think even in the EU and Canada, you don't have any copyright interest in work your perform as part of your employment. The copyright on the work you produce for your employer is entirely theirs, from the moment it is created.

Now, if you're a contractor performing work for a company, this may be quite different. But as an employee, I don't think you have any claim of authorship to the code you right as part of your job.


Look up "moral rights." You have some ability to revoke the usage of your work if it violates moral standards.


Some countries allow authors to transfer/assign or waive asserting their moral rights. Typically (and sensibly) this must be in writing.


> git does allow you to rewrite history arbitrarily.

Technically yes, but the price is too great - everybody who has cloned the repos will now have to nuke their local copies too.


Sure, but the same is true for unsigned commits as well, isn't it? Or can you modify the commit metadata without changing the commit hash in those cases?


> Sure, but the same is true for unsigned commits as well, isn't it?

Yes, I think so. As I understand, GP's idea was to sign your commits proactively.


My question was, is signing the commits really useful? Isn't it just as hard or easy to scrub you from the repo history regardless of whether the commits are signed or not?


If a spiteful ex-employer wants to scrub ex-employee authorship from the entire commit history in their public repos when someone leaves I don't think there's anything you could do to stop that either way, though it seems like it would be more trouble than it's worth and likely wouldn't scale. If they don't do that, assuming your old company email address still has your name in it I don't see why you'd lose credit for the work you did.


And you could still just change it right, as long as you did so before the employer revoked your access via the work email address.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: