Comment by x0x0

8 years ago

Where I work, the VPE signed up for Code Climate. Code Climate also gets our code by asking for git creds, making it very clear what they're doing.

Installing Kite and accidentally allowing them to sucker me into uploading the entire corporate source tree -- quite possibly with creds -- is literally a walk-you-out fuckup. At bare minimum I would have to page ops and roll creds on every bit of prod. Want to know why there's both a gitignore and a git commit hook making sure 'config/creds.py' is not uploaded anywhere?

There's virtually no ethical way to build that dialog unless you put 40-point red font saying "We upload your entire source tree" and make you wait 10 minutes before continuing. This is not a decision line-level devs are allowed to make on their own, and Kite tricks them into doing exactly that.
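
The commit-hook half of the gitignore-plus-hook guard mentioned in the comment above could look like the following. This is an added example, not x0x0's or their employer's actual hook; only `config/creds.py` comes from the comment, while the other patterns and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit hook that refuses to commit credential files.
# .gitignore alone is not enough: `git add -f` bypasses it, and it never
# applies to files that are already tracked, so the hook checks the index.

# Return 0 if the path given as $1 is on the blocklist.
# config/creds.py is the path from the comment; the rest are assumed examples.
is_blocked() {
    case "$1" in
        config/creds.py|*/config/creds.py) return 0 ;;
        *.pem|.env|*/.env) return 0 ;;
    esac
    return 1
}

# Read newline-separated paths on stdin, print every blocked one,
# and return 1 if at least one was found.
find_blocked() {
    hit=0
    while IFS= read -r path; do
        if [ -n "$path" ] && is_blocked "$path"; then
            printf '%s\n' "$path"
            hit=1
        fi
    done
    return "$hit"
}

# Run the check only when installed as .git/hooks/pre-commit, so the
# functions can be exercised outside a repository.
if [ "${0##*/}" = "pre-commit" ]; then
    # Added, copied, modified and renamed paths staged for this commit.
    if ! leaked=$(git diff --cached --name-only --diff-filter=ACMR | find_blocked); then
        echo "pre-commit: refusing to commit credential files:" >&2
        echo "$leaked" | sed 's/^/  /' >&2
        exit 1
    fi
fi
```

A local hook can be skipped with `git commit --no-verify`, so it only catches accidents on the machine where it is installed.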