
If you depend on a forge, choose wisely:

»GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately.«

docs.github.com/en/github/site

Background: social.catgirl.is/@me/10759386

»An open source developer […] deleted their project from GitHub […].

GitHub and Microsoft used this library internally so they reversed the changes and banned them from GitHub for deleting their project.«

@IzzyOnDroid whyyyyyy couldn't github and microsoft have forked like good little foss kids.

@feonixrift @IzzyOnDroid They likely saw it as an affront of some sort, and decided to punish him.

@IzzyOnDroid

If you post "contents" to Instagram, then, Instagram (Facebook) owns your "contents".

If you post "contents" to Github, then, Github (Microsoft) "own" your "contents".

My brothers and sisters, please post your "contents" to Pixelfed and Codeberg.

#Instagram #Facebook #Github #Microsoft #Pixelfed #Codeberg #Gitea

@liberation @IzzyOnDroid According to the Terms of Services of Github, the ownership of the content uploaded remains at the uploader. Github is only allowed to process (for search, fork, release) and present it.

I have no idea how the term "own" is defined by you.

@liberation @IzzyOnDroid Well, if it was open source it can be easily restored, but it’s a bit of a shitty move to ignore the developer’s wish to delete it. (Signal isn’t on F-Droid despite being open source because they don’t want it etc.)

@liberation @IzzyOnDroid But to be honest, I wouldn’t allow people to remove their openly licensed projects. Not on github, not on gitlab, not on codeberg, not on opengameart.

If it was an important project it will be restored anyways, it just breaks/disturbs workflows.

@basxto @IzzyOnDroid

If it is an important project, I do agree with you, it should not be removed.

But I also do believe, if the project is such an important component to your own workflow / project, then, it is a must to support the project / developer financially.

If there are 200 companies depending on the project, then a $5 donation per month will contribute $1000 / month to the project.

But then, it is far too rare to see such a donation.

@IzzyOnDroid

Apparently he put code in it that crashed any application using it, not removed his code.
Don't know whether he was right to do so, but he's not telling the full truth anyway.

@lienrag @IzzyOnDroid I'm going to be unpopular here, but I think forges have a right, and maybe even a moral obligation, to protect downstream projects from malicious activity, including maintainers gone rogue.

@dmbaturin @IzzyOnDroid

It's certainly a complicated issue.
Taking down the repo while the situation is discussed may be an option, but just deciding themselves what is the right version of the code that should be displayed? That's a hell of a slippery slope.

@lienrag @IzzyOnDroid I think changing the code definitely would be unacceptable, but reverting to the last known good revision is probably acceptable in at least some situations. I agree it's a complicated issue though, I'm not defending GitHub unconditionally here.

@lienrag @IzzyOnDroid For a less complicated example, suppose a repository is compromised, an attacker planted a backdoor in it, and the repo owner is not responding to attempts to contact them.
I think in that case a forge is obliged to revert the malicious commit because that's what a reasonable maintainer would be expected to do.

@lienrag @dmbaturin @IzzyOnDroid if it is an older version that was previously conveyed on a public license, and they restored to that prior version with no other changes, I do not see an issue in this specific aspect. You certainly can redistribute or fork from an older conveyed release that gave those rights even if the license is changed later in the future. I see other issues in this, just not this one...

@tychosoft

It means taking ownership of the repository.
That's not the same thing as forking the code and putting the fork on a different repository.
Github's TOS apparently allow this, but it's less an "everything's legit, nothing to see here" and more a confirmation that no one should use Github nor any non-free software.

@dmbaturin @IzzyOnDroid

@tychosoft

Remember that a free software repository is indeed forkable, but that it comes "as is".
Nobody is to expect the maintainer to continue maintaining it (except of course if he promised he'll do it) nor to never change his mind about what his code should do.
If you want to rely on somebody's code, make a contract with that person.

@dmbaturin @IzzyOnDroid

@tychosoft

And I don't necessarily mean a commercial contract, not everything needs to be done the corporation way: #Framasoft has made some clear commitments and it's reasonable to rely on them.
Note that they're also wise enough to avoid overcommitting, and nobody is to take for granted what they never committed to.

@dmbaturin @IzzyOnDroid

@lienrag not just occupation, but even locking the original owner out (they've closed his accounts if I read that correctly). Even if it's "free software", if that is true I'd call it "theft". Or "robbery". Or how do you call it if someone takes your house and sets you on the street – because they didn't like the colors of the curtains you put on it? @tychosoft @dmbaturin

@IzzyOnDroid

I certainly do not condone Github's action, but from the point of view of "what to do when a repository starts distributing malware" that was the original point of @tychosoft and @dmbaturin, locking the "attacker" out of the account is certainly the thing to do.

Whether Marak's action amounted to distributing malware is debatable, though - one can object that the code did no real harm except crashing the software.

@lienrag Well, it could certainly count as "DOS", you've got a point there.

Btw, I vaguely remember a "call to action" for something exactly like that (rendering a heavily used NPM module useless overnight, to show the effect of FOSS on the commercial giants which just consume it without giving back to the project). Not sure if it's connected. Wasn't that long ago – maybe a month or two?

@IzzyOnDroid @lienrag yes I remember this, the author was offering to pay developers to break their code, with the pay scaling according to how widely used the package is and how small it is.

@IzzyOnDroid @michael

I read on Reddit (from the translation of a German article) that Marak was about to become homeless?

@IzzyOnDroid "We will use your free work and you won't rebel!"

@IzzyOnDroid it is not Github and Microsoft, but Microsoft Github. At least, they love open source.

@IzzyOnDroid "GitHub has the right to suspend or terminate your access to all or any part of the Website at any time" applies to a lot of online services?

@atlas_core So does "we take your privacy, seriously." Doesn't make it any better.

Especially the part that reads "with or without cause, with or without notice, effective immediately" – for a place hosting your code, issues, PRs and all. "without notice", just gone "immediately". When you DEPEND on it (my first sentence).

First rule of the sane: make sure you at least always have a copy that is up-to-date. Works for the code ("mirror"), might not work for issues/PRs.

@IzzyOnDroid So as a developer in order to move to GitLab, you should not delete your project, but mangle it. They won't notice automatically and you remove your code from their greedy grasp.

@IzzyOnDroid
Just read it today.
Now I wonder if the license of the projects allows to reupload the project with the same project name and so on.
(Not to fork them, but to pretend to be them.)

@M already before – or also after the restoration? 🤷‍♂️ Anyhow. That "with or without reason" part of their TOS does not make me want to rely on availability. Though I must admit not to be aware of any case where someone lost access without any (even pretended) reason. "without reason" is not really inviting trust – because, what reason is there for trust?

@IzzyOnDroid
I just wonder if the project maintainers have any chance to challenge that legally. 🤔
(in theory)
