My company’s IT department wants to implement a new rule where only they can create new repositories on our code hosting platform. They say this will stop people from making public repos by mistake and exposing company secrets. They also want to make sure all repo names follow their naming rules.
I think this will make our work slower since we do a lot of research and machine learning projects. We often need to create several repos each month for testing new ideas. The IT team works in one time zone but our developers are all over the world, so getting approval might take forever.
Is this kind of restriction common at other companies? I have worked at a few places before and never seen this type of policy. Our team works on different AI projects like equipment monitoring, supply chain optimization, and chatbots. Each project has its own timeline and requirements.
Just wondering if this is how most organizations handle repository management or if this seems overly strict.
Hit this same nightmare last year. Manual approvals were killing our ML pipeline.
We automated the entire repo creation process. No more devs bugging IT for new repos - built a workflow that handles everything instantly.
System checks naming, sets permissions, applies security templates, creates repos automatically. IT gets audit logs and sets rules once instead of gatekeeping every request.
Perfect for your global team - no timezone issues. Devs spin up repos 24/7, IT keeps their security standards.
We added automatic scanning for sensitive data too, so accidental public repos get caught early. IT has more control than before, devs get zero wait time.
Took two days to build, saved hundreds of hours. Your AI projects move fast, IT sleeps well knowing policies run automatically.
honestly, this sounds like a productivity nightmare. we had something similar at my last job and it killed innovation - everyone was too scared to experiment. maybe suggest a compromise? auto-approve private repos but manually review public ones.
Been there - same thing happened to us two years back. Management freaked out after a competitor dropped something way too similar to our prototype. The lockdown sucked. Our deployments went from days to weeks since every repo needed committee approval, and they only met twice a week.
Here’s what worked: tiered permissions. Senior devs and team leads got blanket approval for private repos in their projects. Public repos still needed IT review, but they promised 48-hour turnarounds. We automated naming conventions through templates, which actually cleaned up our organization.
The real trick was showing them the money. We tracked every hour wasted waiting for approvals and converted that to missed deadlines and lost revenue. Once finance saw the damage, they pushed IT to find something that worked for security without killing dev speed.
This policy’s definitely becoming standard, but your IT team sounds way too rigid. We push back hard on this stuff - got them to agree to self-service repo creation with automated compliance checks instead of manual gates.
Yeah, this is happening everywhere now, especially after those big data breaches. We had total freedom at my company until someone accidentally pushed API keys to a public repo. Management locked everything down overnight after that security mess.
You’re right about the timezone issue - it’s a real pain. We fixed it with repository templates that have pre-approved configs for different project types. IT made standard templates for ML experiments, production code, and research projects. You can clone these instantly without waiting for approval since the security settings and naming are already built in.
For your AI work, I’d suggest a compromise: auto-approve experimental repos under a certain size, but require review for larger ones or anything going to production. Our data science team loves this setup since they can prototype quickly.
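The self-service gate several replies describe (naming check, pre-approved template settings, automatic approval for private experimental repos, IT review for public or production ones, an audit record for every request) can be sketched as a small policy function. This is an added example, not code from any poster; the `<team>-<type>-<slug>` naming pattern, the template settings and the function names are assumptions, and it only decides and logs, without calling any hosting platform's API.

```python
import json
import re
from datetime import datetime, timezone

# Assumed convention: <team>-<type>-<slug>, lowercase, at most 60 characters.
NAME_RE = re.compile(r"([a-z][a-z0-9]{1,15})-(exp|research|prod)-([a-z0-9]+(?:-[a-z0-9]+)*)")

# Assumed pre-approved settings per project type (the "templates" in the thread).
TEMPLATES = {
    "exp": {"secret_scanning": True, "branch_protection": False},
    "research": {"secret_scanning": True, "branch_protection": False},
    "prod": {"secret_scanning": True, "branch_protection": True},
}


def evaluate_request(name, visibility, requester, now=None):
    """Return a decision record for one repo request; never creates anything."""
    now = now or datetime.now(timezone.utc)
    record = {"time": now.isoformat(), "requester": requester, "name": name,
              "visibility": visibility, "settings": None, "reasons": []}
    match = NAME_RE.fullmatch(name) if len(name) <= 60 else None
    if visibility not in ("private", "public"):
        record["reasons"].append("unknown visibility")
    if match is None:
        record["reasons"].append("name does not match <team>-<type>-<slug>")
    if record["reasons"]:
        record["decision"] = "rejected"
        return record
    kind = match.group(2)
    record["settings"] = TEMPLATES[kind]
    if visibility == "public":
        record["reasons"].append("public repos go to IT review")
    if kind == "prod":
        record["reasons"].append("production repos go to IT review")
    record["decision"] = "needs_review" if record["reasons"] else "auto_approved"
    return record


def audit_line(record):
    """One JSON line per decision, suitable for an append-only audit log."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample requests.
    for req in [("ml-exp-pump-vibration", "private", "dev1"),
                ("ml-exp-chatbot-demo", "public", "dev2"),
                ("My Test Repo", "private", "dev3")]:
        print(audit_line(evaluate_request(*req)))
```

Only an `auto_approved` record would be handed to whatever service account actually creates the repository, so individual developers never need repo-creation rights themselves.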