The Gits

(updated June 4 – the sale confirmed a few mins ago –

For many years I have been trying to warn people against using GitHub. I haven’t made a big deal about it, but the basic argument is that if you are an open source project and you understand all of the downsides of closed source, then why are you storing all your code in a service that is closed source?

The blind spot towards github is so extreme amongst many open source practioners that many hadn’t even considered the issue.

Here is a case in point. I have written on this issue several times, most recently:

Another Good Reason not to use Github

and prior to that, this rather silly short post:

Why Github is Bad for Open Source

Which appealed to the vegetarian side of me…but check out these responses on well known geek hangout reddit to the short silly post :

Why Github is Bad for ‘Open Source’ [sic] from linuxmasterrace

The last post summing it all up:

GitHub is better for open-source than many most other sites, however.


And now…of course…acquisition news….and when I saw it I thought it must be a an April fools joke because it is just too horribly poetic:

Microsoft and GitHub are in discussions for the acquisition of github by MS.

There are a couple of takeaways already from this. First, even if it doesn’t happen it will hopefully wake some people up.

Second, the mere fact that this is rumored to happen will keep a lot of people awake at night including all those competitors to MS out there who have code in github. This may drive users and backing to GitLab…

And, as it happens, this already seems to be the case as GitLab (the open source git repo service) is evidently experiencing a spike in github imported projects:

We use GitLab at Coko and have done from the beginning. It is a great software, I highly recommend it.

Of course the lesson is not just for the software sector. This is a good example of why important infrastructure should be open source and be owned by the community that uses it. Otherwise you may wake up one day to find your own tools are owned by your competitor.

At Coko we have been advocating from the beginning that this true also for scholarly publishing, but it is just as true for every other sector.

Another Good Reason not to use Github

One of the best arguments against using proprietary platforms is that you have no control over what they might do. I wrote about this earlier with regard to Medium and, as if I had asked them to prove a point, they pivoted a week later and left a lot of their users out in the cold.

That is the risk of using proprietary platforms – you just never know what they might do and, importantly, you have no say in what they might do.

Here is another example by way of GitHub and DMCA takedowns. Earlier this week a complaint was filed for a DMCA takedown against an open source project known as Gadgetbridge (DMCA is the Digital Millennium Copyright Act, one of the things this (US) Act enables are ‘takedowns’ – GitHub has a pretty good explanation of them on their site).

It seems that someone had created an issue in the GitHub Gadgetbridge repo which included a screenshot of a competitive product. The actual DMCA complaint is here. There is a discussion about it on reddit here.

It appears that there is little basis for arguing a copyright infringement.

The problem here is that it appears GitHub has a ‘keep our hands clean’ policy towards takedowns ie. they will just read the complaint to see if the process has been followed and go ahead and takedown the recommended repositories. In this case, they took down the entire Gadgetbridge repo. GitHub does have an option here, they could have looked into the case further and decided that the complaint had no basis and, consequently, refused to takedown the repositories. Alternatively, they could have isolated the takedown to specific files and not the entire repository.

Imagine what this would do to your community if you run an open source project and your entire workflow revolves around GitHub (as it does for most open source projects).

I highly recommend you don’t use GitHub or any other proprietary service for hosting your code. If you do so, you are vulnerable to these kinds of acts. Cynically, it is not unimaginable that proprietary competitors could leverage GitHub policies to get you taken offline. If you run GitHub pages for your site that would also mean your web presence would go down. At the very least, GitHub are not trusted stewards of your code. Host your code and all other services on your own instances of free software applications eg Mattermost, Gitlab etc