I don't believe there's any major harm in using Github for most projects.
Maintaining my own servers and chasing ideological purity doesn't improve my project. Any time I dedicate to setting up infrastructure is time I'm not dedicating to making the code better.
The nature of Git means Microsoft can't really do much harm. Every developer and contributor has a copy of the repo; should the worst happen, setting up home elsewhere isn't that difficult. But until it is, why spend time on it?
Issues and PRs are covered in git-bug bridges, easily mirrored to other forges. But since all other forges still suck compared to github, everybody uses github.
> I don't believe there's any major harm in using Github for most projects.
Actually there was one mentioned in a different post. You're at the mercy of Microsoft (and random US sanctions) not only for your project, where you have a copy of the source and are the canonical source for further updates, but also for your dependencies.
My thoughts as well. Microsoft is just one of the companies, Google is no better either. Any OSS component could be bought and made non free, any free project provided by Google etc could change the licence and prevent you from using it, similar happened recently.
I think it is great that people use GitHub as it has a low barrier of entry, if anything happens the stuff can quickly be moved elsewhere. Until then we can piggyback on the free platform. Using some other company does not make it immediately safer anyway.
The challenge here is more about archiving, especially those rarely used repos. In any case GH is safe as MS is focussing more on AI now and they do not have a good alternative to GitHub to think about turning it off like Skype yet.
The reason I don't use Github is Microsoft's hatred stance on open source.
Anyone remember Microsoft calling Linux a "cancer"? Or Microsoft threatening open source developers for violating 200 patents? Or their official stand where they would threaten and fear Linux devs? The secretly funded lawsuits against Linux? They even threatened lawsuits at companies for just using Linux.
VSCode itself was a malicious move by Microsoft to capitalize on Atom's success, followed by the acquisition of Github and the beheading of Atom.
VSCode is "open source" with a walled garden of a marketplace. A quick look at how Microsoft is trying to kill competitors like Cursor (within the last week) by squeezing them out of the walled garden is... telling.
These moves by Microsoft are not made in the spirit of open source. It's in the spirit of EEE.
Big corporations are not monoliths, despite them having an overall singular personality. I believe that vscode was a sincere attempt, at least in the beginning. While based on electron which was originally developed for Atom, vscode was always much more performant than atom.
But when it did gain a lot of developer attention, MS's true nature took hold and gradually converted it into the walled garden we see today. It was more subtle in the beginning - a few useful extensions were proprietary and wouldn't work on non-MS builds of vscode for some unspecified reason. It was like a gentle nudge to the developers to migrate to their opaque proprietary builds. Of course, we have seen that before, haven't we?
As an aside, if you like vscode but hate the manipulation, you should give the Eclipse Theia editor [1] a try. It's an almost complete reimplementation of vscode and is compatible with the extensions from OpenVSX. I believe that they have fairer alternatives for collaborative editing, etc. At least, they will spare you the manipulation.
I think the reasons mentioned in the article are to be taken seriously (unlike some of the other commenters here). Historically, Microsoft has shown itself as "not an ally to Open Source" to put it mildly. And there is a real tie-in to Github-the-platform (issues, workflows, etc) despite the fact that git repos themselves can be migrated away trivially (by design).
Having said that, the alternatives they mention aren't realistic. Precisely those things that make GitHub dangerous, are the things that make it worth choosing. In particular: network effects, issue tracking and PRs.
Issue tracking and PRs have good alternatives. Some dedicated solutions are frankly a lot better than GH - if only people didn't dislike discrete solutions.
On the other hand, network effects is a big problem - especially for open source projects. There isn't a good way to find projects that are scattered over thousands of small git hosts. There should be a project listing and search service (like freshmeat), but for hosted projects.
Companies/Corporations aren't good or bad, they simply don't obey moral rules like humans, as their sole goal is making more profit and making sure it will grow with time. As they grow, this aspect becomes less and less compatible with the customers' interests, that's why we see many businesses rewriting their contracts or terms and conditions in a more restrictive way and rarely the other way around.
It's not about companies being good or bad; it all depends on if and when the company's need for profit will force them to walk that line after which they start to be user hostile. So, pretty much any company can be forced one day into a condition to become "evil".
For that matter, I'd trust Codeberg over GitHub any day, as it has no interests in pushing me into using other services, selling my data or should they go bankrupt (hardly as they're a non profit) lying to me about that until it's too late because my data is an asset their liquidators want to cash from.
It was taking screenshots and storing them locally - the (justified) anger about it was that anyone with physical access to your machine (eg an abusive spouse) could see what you had been doing, and it was to be turned on by default.
They are a large and wealthy corporation, with a lot of proprietary software and service products. It may appear, at times, that their interests align with the interests of end users or open source contributors, but that is at best a fleeting illusion; the moment they figure out how to make more money by screwing people, that's exactly what they'll do. That's why Recall is coming back to Windows, despite a huge backlash some five minutes prior. It's why the code to Windows and Office will never be open source. It's why the SSH remote plugin for Visual Studio Code is, for some reason, a proprietary binary that MSFT refuses to build for platforms that are not economically relevant to the Azure business unit (e.g., BSD or illumos systems).
I just had my GH account "flagged" (basically all interaction over web or API is locked, all open PRs wiped). No explanation.
Opening a support ticket is blocked by SMS verification. Which 429s. No idea if and how this will be sorted. Trust with some collaborators will definitely be hurt after the ban/flag even if lifted.
Really should have worked more on assigning another owner to the managed org...
So yeah, in case anyone who cares at GH sees this, account name profile.
Run a periodic script that slurps bug data via the API and updates a file in the repo with this information. If GitHub goes away you at least have a local copy of the raw data no more than a day old or so.
GitHub json data is horrible but not intractable to work with.
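A sketch of the periodic snapshot script suggested above, as an added example that is not code from the thread. The function names, the snapshot file layout and the `example/repo` style argument are assumptions; it keeps issue and PR metadata and bodies only, not comment threads.

```python
import json
import re
import urllib.request
from pathlib import Path

API = "https://api.github.com/repos/{repo}/issues?state=all&per_page=100"

def fetch_pages(repo, token=None):
    """Yield each page of issues (the endpoint also returns PRs), following Link headers."""
    url = API.format(repo=repo)
    while url:
        req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json"})
        if token:  # a read-only token is enough; never commit it with the snapshot
            req.add_header("Authorization", f"Bearer {token}")
        with urllib.request.urlopen(req, timeout=30) as resp:
            link = resp.headers.get("Link", "")
            page = json.load(resp)
        yield page
        nxt = re.search(r'<([^>]+)>;\s*rel="next"', link)
        url = nxt.group(1) if nxt else None

def merge(snapshot, pages):
    """Fold API pages into {issue number: record}; the newer updated_at wins."""
    for page in pages:
        for item in page:
            key = str(item["number"])
            old = snapshot.get(key)
            if old and old["updated_at"] >= item["updated_at"]:
                continue  # unchanged or stale: keep what is already on disk
            snapshot[key] = {
                "kind": "pr" if "pull_request" in item else "issue",
                "title": item["title"],
                "state": item["state"],
                "author": (item.get("user") or {}).get("login"),
                "labels": sorted(label["name"] for label in item.get("labels", [])),
                "updated_at": item["updated_at"],
                "body": item.get("body") or "",
            }
    return snapshot

def backup(repo, path, pages=None, token=None):
    """Update the snapshot file; return True only if it changed and needs a commit."""
    path = Path(path)
    old_text = path.read_text(encoding="utf-8") if path.exists() else ""
    source = pages if pages is not None else fetch_pages(repo, token)
    snapshot = merge(json.loads(old_text or "{}"), source)
    ordered = dict(sorted(snapshot.items(), key=lambda kv: int(kv[0])))
    new_text = json.dumps(ordered, indent=2) + "\n"
    if new_text != old_text:
        path.write_text(new_text, encoding="utf-8")
    return new_text != old_text
```

Run from a daily job, `backup()` returning `False` means there is nothing new to commit, so the repository history only grows when an issue actually changed.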
More than ever since github broke for good noscript/basic (x)html support under the guidance of... msft not that long ago (I am a noscript/basic (x)html user).
This will attract the fire of msft "trolls" (AIs or humans)... strap on for impact...
One thing that I haven't quite understood is why more projects don't host their own git services on their own project website. Are there any specific challenges or is it just because of the maintenance overhead?
- convenience (everyone already has a GitHub account and is familiar with the platform)
- discussions platform (issues, prs, discussions)
- CI (GitHub Actions)
It's already there, and it's free for the most part. Why would I bother hosting my own?
It highlights an impact of concentrated wealth on technological development in general, the third option: If a competing technology can't just be ignored, or crushed, the final veto is to simply purchase it.
Which is what M$ has been doing for the last 1/2 decade due to the ever increasingly crappy nature of their OS product.
To slightly modify the article's conclusion: no one should host anything on github...
Of these alternative forges I actually came across notabug first. I however was never able to establish how it is funded and who the people behind it are. Yes, "The Peers Community", I followed that link too.
Also why does their website have to look so damn ugly? Is it so hard to design something inviting? I know that's not what really matters for a git server, but I just can't take such a project seriously. "Who knows what else they didn't really care about?" in the back of my head...
>Also why does their website have to look so damn ugly?
Because it was made by coders. Old school coders. Backend coders.
>I know that's not what really matters for a git server, but I just can't take such a project seriously. "Who knows what else they didn't really care about?" in the back of my head...
Yes, a nice looking website, that epitome of project maturity and quality /s
(as if there's a shortage of barely working vaporware FOSS projects with great looking websites, because their creators are more into the whole hustle culture / fancy launch page / web design than coding)
I had a CTO that would insist he had to pick every single dependency himself personally. And he mostly decided depending on how much he liked the CSS on the website.
That's how we got to use a payment provider that had absolutely no documentation and was located on the other side of the world, so queries to their support team would take 24h.
We never managed to actually get any money via that provider.
You need to understand how government buys software. Nobody prevents any company from proposing the smallest possible price by utilizing OSS. Yet this is not happening because all of those pushing the idea do not really do anything and actually help their governments locally.
Another important factor is that gov workers rarely have enough skills to run OSS software, they are understaffed. And, it is difficult to integrate OSS with the existing systems.
Finally there is a question about responsibility and control. If you get a 0-day in OSS, who will patch it and who has the rights to push that patch? It is about managing risks.
What happens with a 0day in windows? Ah yes it gets fixed much much later.
If you think large entities always do the efficient and rational thing, can you explain why governments of countries that are not the USA depend on software that is controlled by a hostile superpower?
Well due to events in the US, I think governments at the very least should be very careful with having projects be reliant on Github, given that US has and can decide to lock off your country.
When they are in a position of power, they can also gatekeep access to other people's repositories, not just your own.
Surely, it may be a bad idea to be _reliant_ on GitHub entirely, but in a world where supporting your own infrastructure is so expensive and time-consuming, I think that GitHub is an acceptable option.
Linus Torvalds (Git was originally created by him) seems to be actively contributing in GitHub for the Linux kernel repository (also created by him): https://github.com/torvalds/linux Has anyone seen his position on this topic?
> So sure, you may think I hate github. I don't. I hate very specific parts of github that I think are done badly.
> But other parts are done really really well.
> I think github does a stellar job at the actual hosting part. I really do. There is no question in my mind that github is one of the absolute best places to host a project. It's fast, it's efficient, it works, and it's available to anybody.
> That's wonderful. I think github is absolutely lovely in many respects.
> And that then makes me really annoyed at the places where I think github does a subpar job: pull requests and committing changes using the web interface.