Unable to load image

Open source body quits GitHub, urges you to do the same :marseysoylentgrin:

https://www.theregister.com/2022/06/30/software_freedom_conservancy_quits_github

Orange site discuss: https://news.ycombinator.com/item?id=31943478

The Software Freedom Conservancy (SFC), a non-profit focused on free and open source software (FOSS), said it has stopped using Microsoft's GitHub for project hosting – and is urging other software developers to do the same.

In a blog post on Thursday, Denver Gingerich, SFC FOSS license compliance engineer, and Bradley M. Kuhn, SFC policy fellow, said GitHub has over the past decade come to play a dominant role in FOSS development by building an interface and social features around Git, the widely used open source version control software.

In so doing, they claim, the company has convinced FOSS developers to contribute to the development of a proprietary service that exploits FOSS.

"We are ending all our own uses of GitHub, and announcing a long-term plan to assist FOSS projects to migrate away from GitHub," said Gingerich and Kuhn.

The SFC mostly uses self-hosted Git repositories, they say, but the organization did use GitHub to mirror its repos.

The SFC has added a Give Up on GitHub section to its website and is asking FOSS developers to voluntarily switch to a different code hosting service.

"While we will not mandate our existing member projects to move at this time, we will no longer accept new member projects that do not have a long-term plan to migrate away from GitHub," said Gingerich and Kuhn. "We will provide resources to support any of our member projects that choose to migrate, and help them however we can."

GitHub claims to have approximately 83 million users and more than 200 million repositories, many of which are under an open-source license. The cloud hosting service promotes itself specifically for open source development.

For the SFC, the break with GitHub was precipitated by the general availability of GitHub Copilot, an AI coding assistant tool. GitHub's decision to release a for-profit product derived from FOSS code, the SFC said, is "too much to bear."

Copilot, based on OpenAI's Codex, suggests code and functions to developers as they're working. It's able to do so because it was trained "on natural language text and source code from publicly available sources, including code in public repositories on GitHub," according to GitHub.

Gingerich and Kuhn see that as a problem because Microsoft and GitHub have failed to provide answers about the copyright ramifications of training its AI system on public code, about why Copilot was trained on FOSS code but not copyrighted Windows code, and whether the company can specify all the software licenses and copyright holders attached to code used in the training data set.

Kuhn has written previously about his concerns that Copilot's training may present legal risks and others have raised similar concerns. Last week, Matthew Butterick, a designer, programmer, and attorney, published a blog post stating that he agrees with those who argue that Copilot is an engine for violating open-source licenses.

"Copilot completely severs the connection between its inputs (= code under various open-source licenses) and its outputs (= code algo­rith­mi­cally produced by Copilot)," he wrote. "Thus, after 20+ years, Microsoft has finally produced the very thing it falsely accused open source of being: a black hole of IP rights."

Such claims have not been settled and likely won't be until there's actual litigation and judgment. Other lawyers note that GitHub's Terms of Service give it the right to use hosted code to improve the service. And certainly legal experts at Microsoft and GitHub believe they're off the hook for license compliance, which they pass on to those using Copilot to generate code.

"You are responsible for ensuring the security and quality of your code," the Copilot documentation explains. "We recommend you take the same precautions when using code generated by GitHub Copilot that you would when using any code you didn't write yourself. These precautions include rigorous testing, IP scanning, and tracking for security vulnerabilities."

Gingerich and Kuhn argue that GitHub's behavior with Copilot and in other areas is worse than its peers.

"We don't believe Amazon, Atlassian, GitLab, or any other for-profit hoster are perfect actors," they said. "However, a relative comparison of GitHub's behavior to those of its peers shows that GitHub's behavior is much worse. GitHub also has a record of ignoring, dismissing and/or belittling community complaints on so many issues, that we must urge all FOSS developers to leave GitHub as soon as they can."

Microsoft and GitHub did not immediately respond to a request for comment.

25
Jump in the discussion.

No email address required.

Embrace git.sr.ht

:#marseypenguinpat:

Jump in the discussion.

No email address required.

no, it's bad. having to send patches via email sucks + there is no way of allowing multiple people to work directly on the same repo

Jump in the discussion.

No email address required.

Most open source projects attract 0 attention and I'm happy with having no "community" elements at my git hosting. Not everything has to be "Twitter for X".

I wouldn't recommend it for "work"-work, but as "stuff I hack around for fun" there's no better place to find solace in not being around all that noise.

BTW: I find that sending someone a patch in an e-mail is a great r-slur filter.

Jump in the discussion.

No email address required.

i personally don't see those extra features as noise, even when working alone. i guess that's personal

BTW: I find that sending someone a patch in an e-mail is a great r-slur filter.

good point, the internet does need more r-slur filters

Jump in the discussion.

No email address required.

based dramanaut drew

Jump in the discussion.

No email address required.

Link copied to clipboard
Action successful!
Error, please refresh the page and try again.