Important Open Source projects should not use GitHub
Published on 2020-10-23. Modified on 2020-10-25.
Thousands of the worlds best Open Source projects are still hosting their code repositories on GitHub. Since Microsoft has purchased GitHub this has become a serious problem.
Update 2020-10-25: This is not directly related as it could happen on other hosting platforms as well, but just a few hours after I wrote this the youtube-dl repository was taken down from GitHub by RIAA due to a DMCA request.
It is no news that Microsoft purchased GitHub in 2018, everyone knows that. Yet despite that fact thousands of the worlds most important Open Source projects continue to host their code on GitHub. People seem to have forgotten just how rotten Microsoft really is and how dangerous that situation is.
It is not so much the fact that many projects host their projects on GitHub, it is the fact that many projects haven't secured the code outside of GitHub! They rely fully on GitHub to maintain and protect the code.
Perhaps the younger generation don't know anything about the past "evils" of Microsoft and naively believe that Microsoft is now the good friend to Open Source, but the truth is that all these acquisitions of Open Source projects is a business tactic that is put in place to improve Microsoft's loosing position to Open Source. It is a matter of control.
Just yesterday Microsoft announced that Minecraft will require a Microsoft account to play in 2021 and that owners of the classic version will be forced to migrate.
While this is not related to Open Source, it is a really good example of how bad it can get if Microsoft sometime in the future decides that projects on GitHub are required to do something which goes against these projects interests.
I will not name any names, because that is not important, but how in the world can any Open Source project that regards their code base as valuable not make sure that they have a completely up to date copy of every single line of code outside of GitHub!?
Some project developers only keep parts on the code in personal repositories, others haven't even got a backup but trust fully that GitHub will always have a working and current release of the latests commits.
For years people have warned about the position GitHub had in the world of Open Source because it concentrates too much of the power to make or break the community in a single entity. Having Microsoft behind the steering wheel makes the situation a thousand times worse.
Nobody in their right mind would ever have imagined uploading Open Source code to Microsoft servers just a decade ago. Microsoft where the archenemy of Open Source in the nineties and they deployed all kinds of dirty tactics to keep other operating systems out of the market, especially dirty tactics against Linux. In the early 2000s the then CEO Steve Ballmer said,
Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. And for many years they tried to gain control over Linux and manipulated the market in different ways in order to "crush the competition". When they realized they couldn't do that and that the battle was lost, they deployed a new tactic in which they instead try to make money of Linux, which is what that are doing now in a lot of areas, and which is why they seem "friendlier" to the Open Source community.
I myself do have some code residing on GitHub, but of course I also have multiple up-to-date clones and backups elsewhere. However, having the worlds largest repository of important Open Source code reside in the hands of Microsoft is just madness. Why haven't all the major projects migrated? Running a self-hosting Git server isn't that difficult and there even exists several solutions that are pretty solid.
More and more of all the good stuff about Open Source and community driven development and sharing of resources, code and experience is slowly getting either gobbled up or ruined and massacred by big corporations or economically based foundations. Why is it that as soon as money enters into the picture so many things are turned into "crap"? Of course, greed is the answer, but an even more important question than that is: Why is it that we have stopped caring?
Large projects should self-host their repositories in order to stay completely independent, but some alternative solutions to the more popular services such as GitHub, GitLab and BitBucket does exist (not an exhaustive list):
Codeberg is a registered German non-profit organization and I think it is the best alternative. Codeberg does not depend on external services. No third party cookies, no tracking. Hosted in the EU.
Payment is optional during the alpha, but be aware that it will become mandatory later. This service is funded by its users, not by investors.
A few good solutions for self-hosting (not an exhaustive list):
- Gogs - old discussion at Hacker News
- Gitea a community-managed fork of Gogs - discussed at Hacker News
- OneDev - discussed at Hacker News
Other relevant reading: What is wrong with Microsoft buying GitHub