If you depend on a forge, choose wisely:
»GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately.«
»An open source developer […] deleted their project from GitHub […].
GitHub and Microsoft used this library internally so they reversed the changes and banned them from GitHub for deleting their project.«
If you post "contents" to Instagram, then, Instagram (Facebook) owns your "contents".
If you post "contents" to Github, then, Github (Microsoft) "owns" your "contents".
My brothers and sisters, please post your "contents" to Pixelfed and Codeberg.
If it is an important project, I do agree with you, it should not be removed.
But I also do believe, if the project is such an important component to your own workflow / project, then, it is a must to support the project / developer financially.
If there are 200 companies depending on the project, then a $5 donation per month will contribute $1000 / month to the project.
But then, it is far too rare to see such donations.
Apparently he put code in it that crashed any application using it, not removed his code.
Don't know whether he was right to do so, but he's not telling the full truth anyway.
@lienrag @IzzyOnDroid For a less complicated example, suppose a repository is compromised, an attacker planted a backdoor in it, and the repo owner is not responding to attempts to contact them.
I think in that case a forge is obliged to revert the malicious commit because that's what a reasonable maintainer would be expected to do.
@lienrag @dmbaturin @IzzyOnDroid if it is an older version that was previously conveyed on a public license, and they restored to that prior version with no other changes, I do not see an issue in this specific aspect. You certainly can redistribute or fork from an older conveyed release that gave those rights even if the license is changed later in the future. I see other issues in this, just not this one...
It means taking ownership of the repository.
That's not the same thing as forking the code and putting the fork on a different repository.
Github's TOS apparently allow this, but it's less an "everything's legit, nothing to see here" and more a confirmation that no one should use Github nor any non-free software.
Remember that a free software repository is indeed forkable, but that it comes "as is".
Nobody is to expect the maintainer to continue maintaining it (except of course if he promised he'll do it) nor to never change his mind about what his code should do.
If you want to rely on somebody's code, make a contract with that person.
And I don't necessarily mean a commercial contract, not everything needs to be done the corporation way: #Framasoft has made some clear commitments and it's reasonable to rely on them.
Note that they're also wise enough to avoid overcommitting, and nobody is to take for granted what they never committed to.
@lienrag not just occupation, but even locking the original owner out (they've closed his accounts if I read that correctly). Even if it's "free software", if that is true I'd call it "theft". Or "robbery". Or how do you call it if someone takes your house and sets you on the street – because they didn't like the colors of the curtains you put on it? @tychosoft @dmbaturin
I certainly do not condone Github's action, but from the point of view of "what to do when a repository starts distributing malware" that was the original point of
@tychosoft and @dmbaturin, locking the "attacker" out of the account is certainly the thing to do.
Whether Marak's action amounted to distributing malware is debatable, though - one can object that the code did no real harm except crashing the software.
@lienrag Well, it could certainly count as "DOS", you've got a point there.
Btw, I vaguely remember a "call to action" for something exactly like that (rendering a heavily used NPM module useless overnight, to show the effect of FOSS on the commercial giants which just consume it without giving back to the project). Not sure if it's connected. Wasn't that long ago – maybe a month or two?
@IzzyOnDroid "GitHub has the right to suspend or terminate your access to all or any part of the Website at any time" applies to a lot of online services?
@atlas_core So does "we take your privacy, seriously." Doesn't make it any better.
Especially the part that reads "with or without cause, with or without notice, effective immediately" – for a place hosting your code, issues, PRs and all. "without notice", just gone "immediately". When you DEPEND on it (my first sentence).
First rule of the sane: make sure you at least always have a copy that is up-to-date. Works for the code ("mirror"), might not work for issues/PRs.
@IzzyOnDroid So as a developer in order to move to GitLab, you should not delete your project, but mangle it. They won't notice automatically and you remove your code from their greedy grasp.
Just read it today.
Now I wonder if the license of the projects allows to reupload the project with the same project name and so on.
(Not to fork them, but to pretend to be them.)
@M already before – or also after the restoration? 🤷‍♂️ Anyhow. That "with or without reason" part of their TOS does not make me want to rely on availability. Though I must admit not to be aware of any case where someone lost access without any (even pretended) reason. "without reason" is not really inviting trust – because, what reason is there for trust?
I just wonder if the project maintainers have any chance to challenge that legally. 🤔