Our fledgling startup is planning on experimenting with a basic outsourcing model. We plan on bringing in an external developer to take over a few 1 or 2 tasks that we feel would help free up our some of our time / attention for more of the domain specific things that make our startup unique.<p>Outsourcing / external development philosophy issues aside for the moment, I'm curious what strategies others use for minimizing risk in terms of access to our codebase. Maybe I'm paranoid but I would feel more comfortable delivering a semi-doctored repository which doesnt include things like api keys, user data etc until we are able to build a trusting relationship.<p>I dont think spending more than a few hours on such a solution is a good use of our time (we are young and fledling as I mentioned and I dont meant to exaggerate the value of our codebase / data). That said however, Im thinking of writing a script to do something like,<p>- clone our repository
- strip out sensitive pieces of data (api keys)
- remove the repository files (.git/) (on 2nd thought, I guess this is a double edged sword. Its safe b/c it prevents access to sensitive data but OTOH it makes the vcs merge case much more cumbersome)<p>So what strategies have you had luck with in this type of scenario?