I have removed all my GitHub repos

Posted Jul 15, 2021 14:28 UTC (Thu) by dskoll (subscriber, #1630)
Parent article: GitHub is my copilot

Given the legal uncertainty around Copilot, as well as my gut feeling that it's simply a really terrible idea, I've removed all my GitHub repos and moved everthing to a self-hosted Gitea instance. I've put stub repos up on GitHub that point to the real repos because (unfortunately) GitHub has become pretty important for discovering software projects.

I'll miss certain GitHub features, especially the CI/CD framework, but I've cobbled together a workable replacement for that with self-hosted Buildbot.

I have removed all my GitHub repos

Posted Jul 15, 2021 14:40 UTC (Thu) by musicmatze (guest, #133336) [Link] (13 responses)

Same here. I removed all my sources and moves them to sourcehut and my own hosting. I still have a github account because I am maintainer of sources that are not authored by me and thus need to stay on github unfortunately.

I have removed all my GitHub repos

Posted Jul 15, 2021 14:42 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link] (12 responses)

I don't see how moving code to a different website prevents GitHub from let ting their copilot run loose on your repos and gathering the data. If their argument holds true, there is nothing special about hosting in GitHub.

I have removed all my GitHub repos

Posted Jul 15, 2021 15:14 UTC (Thu) by bluca (subscriber, #118303) [Link]

Precisely, it seems the same kind of knee-jerk reaction from when Microsoft bought Github and the world was about to end.

In the EU text and data mining is legal for public data, this is pretty much unambiguous (copyright status of the model/output of the model is not 100% clear on the other hand yet, but Julia Reda makes excellent arguments as always) - whether it is hosted on Github, Gitlab, your own server in your basement that definitely won't get hacked and used to mount supply-chain attacks on your users, a mailing list, or any other forge.
The W3C is working on a robots.txt spec to standardize opt-out, which non-charity-status orgs doing scraping are bound to observe: https://www.w3.org/community/tdmrep/

I have removed all my GitHub repos

Posted Jul 15, 2021 16:38 UTC (Thu) by dskoll (subscriber, #1630) [Link] (10 responses)

I somehow doubt GitHub would scrape repos they don't host. And if they do, I can block them.

I have removed all my GitHub repos

Posted Jul 15, 2021 18:04 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (9 responses)

> And if they do, I can block them.

Not if it's open source (or free software) you can't. Anyone can redistribute any FOSS code to anyone else, as long as they preserve license terms. If (as GitHub argues) feeding code into an ML model does not infringe copyright, then there is no legal mechanism to prevent GitHub from acquiring whatever FOSS code they want, by whatever means they want, and feeding it into the model. The only way around this is to move to proprietary licensing with a "thou shalt not redistribute to GitHub" term. But I doubt you actually want to do that.

I have removed all my GitHub repos

Posted Jul 15, 2021 20:06 UTC (Thu) by ejr (subscriber, #51652) [Link] (8 responses)

If it's your own server, then yes you can.

I have removed all my GitHub repos

Posted Jul 15, 2021 20:36 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link] (5 responses)

> If it's your own server, then yes you can.

The point is that they don't have to source it from your server directly. It is open source, nothing is stopping them from using a proxy to clone it.

I have removed all my GitHub repos

Posted Jul 15, 2021 20:39 UTC (Thu) by ejr (subscriber, #51652) [Link]

That's the choice. Release something for others to use as they please, or do not.

That "copilot" is bringing twenty-year-old security flaws back is another aspect. ML is only as good as its training data.

I have removed all my GitHub repos

Posted Jul 15, 2021 20:55 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (3 responses)

Or downloading it from any number of mirrors that you might or might not know about.

Is your code in Debian, or any other distro? The Internet Archive? What about the randoms on /r/datahoarders, do you think any of them made a copy?

There's no such thing as "It's public except for person X." If you put it on the internet, then anyone who wants to see it can probably get a copy by some means or another. Ordinarily, you would use copyright law to combat such unauthorized copying, but FOSS licenses are explicitly designed to allow and even encourage it.

I have removed all my GitHub repos

Posted Jul 16, 2021 1:09 UTC (Fri) by dskoll (subscriber, #1630) [Link] (1 responses)

That's true; I can't prevent GitHub from slurping my code into its ML system. But I can express my disagreement with it, and I can stop using GitHub to ever so slightly reduce the network effect that makes it attractive in the first place.

I have removed all my GitHub repos

Posted Jul 19, 2021 21:53 UTC (Mon) by jbicha (subscriber, #75043) [Link]

They probably already fed all your repos into copilot before you removed them.

I have removed all my GitHub repos

Posted Jul 16, 2021 15:19 UTC (Fri) by marcH (subscriber, #57642) [Link]

>There's no such thing as "It's public except for person X.

Yes there is: the version 3 of the GPL.

</troll>

I have removed all my GitHub repos

Posted Jul 17, 2021 17:46 UTC (Sat) by ju3Ceemi (subscriber, #102464) [Link] (1 responses)

"If it's your own server, then yes you can."

Depending on the licence etc, that may be illegal
So yes, you can, just like you can kill someone down the street

I have removed all my GitHub repos

Posted Jul 22, 2021 11:29 UTC (Thu) by kpfleming (subscriber, #23250) [Link]

How could controlling access to a server that you run be 'illegal'? There is no legal requirement to offer services to any specific person or entity from a server that you run.