GitHub and Bitbucket – Anonymous Users


I'm outsourcing the development of a web app on oDesk. I've designed the front end myself, and the back end is being developed using Laravel / MySQL. I know a bit of PHP, but not enough to a) do the project myself or b) audit, comment on quality / approve the code written by a third party. To get around this I want to set up a repo where I can work with my outsourced team, which consists of:

  • 1 backend dev
  • 2 code auditors / checkers
  • and myself for the front end and project management

The auditors won't actually be writing any code, rather checking the code that the backend dev has written. All parties are independent.

It's not that I don't trust the back end dev, it's just that the app is to help us better manage our business, and is thus mission critical – so we need stable, well-written code that adheres to best practices, and that is something I can't really comment on as I don't know what I'm looking at. That's why I've chosen to outsource some code auditors, with the second one as a fail-safe.

I don't really want any of the parties talking to one another; I want it all to go through myself.

Can you, in GitHub or Bitbucket, allow anonymous or hidden users to view a private project so that they can view the code and comment on it back to me, but not be able to talk directly to the back end dev?

Best Answer

Not the way you're thinking of, at least in GitHub.

What you could try is have two separate repos with their own access list using Organizations and Teams.

When you create teams in GitHub you can also restrict access to certain repositories per team.

So you can set up the following:

  • dev-repo - Only add and allow access to developers
  • audit-repo - Only add and allow access to code auditors

Then, when dev-repo has new commits, pull down the changes to your local and push them back up to audit-repo.

Auditors can then leave comments and issues on their version of the repository under audit-repo, and you can then relay any issues you think dev-repo should know about, without either the developer or auditor team seeing each other via these private repos.
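
The pull-then-push relay described in this answer, as an added example that is not part of the original answer. The function names and the URLs passed to them are hypothetical. Because every Git commit carries its author's and committer's name and e-mail address, the second function lists the identities auditors would see in the relayed history.

```shell
#!/bin/sh
# Added example: relay commits from dev-repo to audit-repo.
# Function names are hypothetical; URLs are supplied by the caller.

# relay_commits DEV_URL AUDIT_URL WORKDIR
# Keeps a bare mirror of dev-repo in WORKDIR and pushes its branches and
# tags to audit-repo. Only the account running this needs access to both
# repositories; neither team is added to the other's repo.
relay_commits() {
    dev_url=$1 audit_url=$2 workdir=$3

    # First run: create the local bare mirror of dev-repo.
    if [ ! -d "$workdir" ]; then
        git clone --quiet --mirror "$dev_url" "$workdir" || return 1
    fi

    # Pick up new commits from dev-repo.
    git -C "$workdir" fetch --quiet --prune origin || return 1

    # Push branches and tags only. A full --mirror push would also try to
    # send host-specific refs and would delete refs created on audit-repo.
    git -C "$workdir" push --quiet "$audit_url" \
        'refs/heads/*:refs/heads/*' 'refs/tags/*:refs/tags/*' || return 1
}

# exposed_identities WORKDIR
# Prints each distinct author and committer identity in the mirrored
# history, one per line. These travel with the commits to audit-repo.
exposed_identities() {
    git -C "$1" log --all --format='%an <%ae>%n%cn <%ce>' | sort -u
}

# Typical use (placeholders, not real repositories):
#   relay_commits "$DEV_URL" "$AUDIT_URL" "$HOME/relay/dev-mirror.git"
#   exposed_identities "$HOME/relay/dev-mirror.git"
```

Run `exposed_identities` before the first relay to see which names and e-mail addresses the auditors will be able to read from the commit log.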