Hacker News
Re: Why Host Emacs Packages on GitHub? (Microsoft vs Freedom) (protesilaos.com)
63 points by iscream26 20 days ago | 68 comments



My general point of view is that FOSS software is a public good, and that we should aim to maximize the availability of that public good.

This point of view contrasts with other views, for example I don't see much value in ideological purity for its own sake.

For that reason, I think it's a bit foolish to dissuade people from hosting on GitHub as long as Microsoft is subsidizing bandwidth and hosting costs. You might as well stick MSFT with the bill.

But if you go that route, you do kinda have to keep your eyes open to the real possibility of an eventual rug pull. Or even just that MSFT will make incremental cost saving changes that render some uses of GitHub increasingly unusable over time.


Short term maybe. But Github has already a kind of monopoly on git web interfaces. Package managers (e.g. npm) already have preferential treatment for it, and adding "github" to a search term is quite a standard way to search for source code.

My guess is that sooner or later we'll see EEE. GitHub will slowly get more and more tied with MSFT technology (already ongoing), and at some point MSFT will want to start squeezing profits with their lock-in one way or another.

IMHO Microsoft shouldn't have been allowed to buy GitHub. In general it's really not a good situation that so few megacorporations dominate the software industry. But the regulation is broken.


This has already happened though. If worse comes to worst, we'll just move off it like we did when sourceforge went to shit. The neat part of git is that it's inherently decentralized. You can trivially re-point it to a new upstream.


The git repo, sure. It's all the workflow stuff around it that is harder to migrate -- issue reporting, what workflow you use for code review and merging changes, CI, etc. Those too can be moved, but I wouldn't use the word "trivial" -- there's potentially a lot of work there with migrating old issue data across, figuring out what changes to everybody's dev workflow the new platform will require versus what can stay the same, adjusting or rewriting CI configs, and so on.


> My guess is that sooner or later we'll see EEE.

They're using every open repository to train Copilot and sell your code and derivations of it for $10/pop. Do you need any more steps?


Yes I agree with your assessment. MSFT has already started putting things like search behind a login barrier for example.

I think it's prudent to mirror to another hosting service, even if it's just a Gitlab or similar instance that is only accessible to the repo author. That way they can always pivot away from GitHub by productionizing the backup.


I will note Codeberg has built-in support for automated mirroring from GitHub.


>sooner or later

For some context it's been 6 years since Github was acquired by Microsoft and over 12 years since Microsoft first made their appearance.

I think Microsoft has a great track record here, EEEs in other ventures aside.

https://en.wikipedia.org/wiki/GitHub#Acquisition_by_Microsof...


This might be an ignorant statement on my part - but I don't see how I am "locked-in" to using github.

If I have any software to share on a github page - it is simply a git repository. What's stopping me moving that over to another web host?

If the projects are private -- can host them on my own server... or the company I work for.

All github really has is popularity. If you have created something really, really cool - it might not get the recognition if not on github. However, there are plenty of ways to advertise it - like on here, or other media outlets.

Not disagreeing with you and, yes, maybe I am missing the point here. I was sad when I heard M$ owned Github and I would not be surprised if there is a long term goal in relation to the `EEE`

I work for companies that are all in on M$ products.. not just Office, etc.. but the development tools like SQL Server, .NET etc. Outside I will always push for alternatives.

EDIT -- added extra.. I think it will be interesting when large projects start to have issues with the slow M$ changes with github and decide to move away, or create their own. For example, the linux kernel! That would be pretty big news and might start a rippling effect.


MS is already squeezing profits from Github with CI (Github Actions).


How is charging for compute "squeezing profits"? It's surprising how free Github Actions is.


This utilitarian point of view quickly crumbles once it stops naïvely looking at profit-driven organisations as anything but what they actually are: money-making machines. The first and foremost goal is the money, not the software, certainly not the end this POV claims the means maximise for. It is not a possibility, it is a certainty, especially given that $MSFT is a publicly-traded organisation with legal financial obligations to its shareholders.

Framing actual long-term sustainable practices and policies as "ideological purity" is misleading at best and a textbook example of a strawman at worst.


Parent fully acknowledges this. If anything, bringing up "but Github makes money!" is a strawman, as the risks associated with this were already acknowledged. Why is the Free and Open Source community so allergic to anything making money? We all understand that Github and Microsoft are companies that exist to make money. Pointing that out is the "I am very intelligent" https://knowyourmeme.com/memes/we-should-improve-society-som...

This whole article explains how, for the author's worldview, using Github is the long-term sustainable practice for their software.


I don't think the issue is the "makes money", but the "need to make more money", which happens to increase over time. At some point, they start making money with your code, or your users..

Who knows what ideas are growing behind Microsoft walls to make more money off github users? See what happened with sourceforge as an example..


Using M$ bandwidth and storage isn't the same as giving them control over the project though. It's git. You can migrate elsewhere as and when the rug pull happens. Issue tracking might be slightly harder to migrate, but even that might offer an option to clear the backlog and only bring along the really important stuff.


> It's git.

Not really... Github offers bug-tracker and CI as well as "pages", user management, various automation APIs, Web access, of course... Also, integrations! Want to publish your documentation to readthedocs dot com? -- You need integration with that site! Some really shady languages also now want you to use GitHub Actions to publish packages "to ensure authenticity" (there was a thread on yc just a week or so ago). GitHub can also serve as a built releases repository.

Github tries very hard to make sure users don't migrate elsewhere.

By supporting GitHub (through hosting your code in it) the way it is right now, you will be helping MS to train their editor enhancing features. Bug-testing the free tier of their paid services...

I'm not sure the deal is worth it. I'm much more pro divorcing the private interest from the public good. I'd rather my taxes paid for free software hosting.


Maybe you missed the second half of my post. It's a free service. Feel free not to use it.


> I'd rather my taxes paid for free software hosting.

Oh, that's socialism/communism/!capitalism hence bad. /s

P.S.: I'm strongly on the same page with you. Corporations are present to make money, and they always try to differentiate them with closed secret sauce, which is very incompatible with Free and Open Source Software.


The network effect really is important if you don't use email for patches and want to capture an audience greater than your typical zealot coder (of which I am one).

Github makes it easy for non-coders to submit documentation, test their changes, and genuinely be part of something that they are not an expert in. Sure there are disadvantages there too in terms of the quality of the submissions, but the benefits of a busy community outweigh the drawbacks of too many PRs in my opinion


Shouldn't we call it a "network prison" in that case? :)


It's not a prison, you can leave whenever you want and take with you everything that's supported outside github. Git clone and go. The features that attracted you to begin with still attract you, though, so maybe you don't want to.

Compared to e.g. moving a team from one mail server to another, moving from github is remarkably simple.


Thank you sensei, I think that I do understand now.


well it's one where the inmates can leave, but have to come back out of solidarity to the other prisoners :-)


This presents a false dichotomy (Github vs email patches), when there exist a whole host of self-hosted options (Gitea for one).


The grandparent does not present a dichotomy, let alone a false one. It says that when you are not using email patches, the network effect of the platform (like Gitea which you present as if it was explicitly excluded by the grandparent) is important.


> This was the case even when SourceHut was the “official” source and GitHub was a mirror (I also have a GitLab mirror, which probably never received a single contribution): the vast majority of the contributions were on the GitHub mirror, while SourceHut was adding friction to my maintenance work.


Why wouldn't this be possible on, say, GitLab or Bitbucket?


All of my new stuff is on GitLab. I have seen zero interest in any of my projects, even the ones that were carried over from Github (which are archived). It could just be that I am a dull coder, but I'm leaning more on the notion that discovery is hard in GitLab.


This, and worse: I’ve stopped using libraries that migrated to GitLab in my own personal projects, because I just can’t be bothered to check for updates there, or deal with the UX, or log in to report bugs because I don’t really want to create another account.

I remember when SourceForge was a thing, and GitHub was just tremendously superior feature-wise and community-wise, with new issues and PRs for stuff coming in daily. GitLab, Codeberg, etc. may have 90% feature parity, but they’re not anywhere near the ease of interaction.

(I’ve also set up a Gitea instance on my NAS to mirror my own stuff, some GitHub projects that might be controversial—like emulators—and stuff from GitLab and Codeberg. And guess what, I seldom use that as well to keep track of external projects.)


Sounds like you don't have a GitLab account and don't visit it frequently enough to get used to it?

I mean we can't really complain when alternatives exist, have 90%+ feature parity but they are slightly different in terms of UX. Isn't that basically summarising FOSS? You trade a bit of UI/UX for the freedom and openness.


don't forget CodeBerg


Protesilaos is a legend and I agree with everything he's said on this post.

I myself put all my projects on GitHub because of visibility and the free CI to run tests on Windows/Mac/Linux which is a godsend... but I also normally keep an alternative upstream on all my projects with https://www.opencode.net (it's as easy to do that as adding a new remote with git) so I feel like I have zero dependency on MSFT, all the services they provide to me for free are just "nice-to-have" things. But they are very nice indeed.

The only danger I see is that GitHub becomes so widespread that other tools start only integrating with it (instead of using pure "git" integration). People are saying NPM already does this (I don't know, I don't do NPM)? That's a real danger, but hopefully other projects will have the common sense to not fall into this trap. For now, at least, I feel like that's not been a big problem.


> I do not blame SourceHut, as they clearly state they are still in alpha

The decision to stick to the clunky email interface isn't due to stage name


I made the same excuses in the past, and I could not even keep making them to myself seriously after a couple years of watching Microsoft censor various repos.

At some point people put code on GitHub before it had "network effects".

If a package is useful enough, people created accounts on GitHub to get help or contribute.

Maintainers need to stop rationalizing away their -choice- to centralize code on GitHub.

We do not need governments to help here. The political votes that matter are every repo that someone chooses to not host on GitHub, or at a minimum mirror elsewhere. The more useful your software with fewer alternatives, the more "network effect" power you wield to get someone to sign up for something besides GitHub.

I started Stagex, which is as far as I know still the only oci-native, deterministic, multi-signed, and full-source bootstrapped Linux distribution that exists.

If you want easy deterministic containerized builds of software without trusting any single human in your compilation path, Stagex is the only option.

My shameless plugging aside, I chose to host this exclusively on Codeberg in spite of the major financial sponsors all being on GitHub.

Already we have 8 contributors and the ~200 most common packages needed for most python/tcl/perl/lua/c/c++/go/rust software with more language support in progress by volunteers.

We built Stagex to ensure a fully open and transparent supply chain for any software to be built with, and that starts with using a Git host that shares these values.

Codeberg also donated unlimited free CI/CD via woodpecker as is available to most projects that apply since their funding is exclusively for social good.

We will self host eventually when forgejo supports federation so our instance can still get contributions from Codeberg users.

Git was built to be decentralized and that is never going to happen under Microsoft.

I know it is harsh but if you have a popular project and exclusively host on GitHub, you are why we are in this monopolized-network-effect situation, and you have the power to change it.

https://codeberg.org/stagex/stagex

https://sfconservancy.org/GiveUpGitHub/


I agree with many of OP's points, but I don't think OP is addressing the suggestion of using Codeberg, which I believe is a reasonable alternative to GitHub.

It provides a GitHub-like experience, so it solves the OP's problems with SourceHut.

Regarding discoverability, I doubt anyone finds projects through GitHub's search or discoverability features, but rather through a search engine like Google or DDG and online communities. So the project should be similarly discoverable if the source was in Codeberg.

The main friction point I can see is that many won't have a Codeberg user, so they'd need to sign up in order to collaborate, while most already have a GitHub account.


> Regarding discoverability, I doubt anyone finds projects through GitHub's search or discoverability features, but rather through a search engine like Google or DDG and online communities.

I've found a lot of interesting projects via GitHub search and via GitHub newsfeed (mostly because I follow people with similar interests and they star interesting projects). Google links to discussions in places like online communities, which works quite well too, but Google doesn't seem to rank GitHub very high on search results, even when looking for the exact project name.


Codeberg supports account creation and sign-in with GitHub login, so there really are no excuses IMO.

One extra click for any existing GitHub user to comment on a Codeberg repo.


>Codeberg supports account creation and sign-in with GitHub login, so there really are no excuses IMO. One extra click for any existing GitHub user to comment on a Codeberg repo.

Your simplification of the steps is incorrect. I just did this "sign-in with Github" workflow and it's not just 1 click. After using Github to authorize Codeberg, it still requires new users to enter a valid email. Codeberg then requires verification of that email address by the user clicking on the url in the email.

(And the email address step above also adds more behind-the-scene steps for me since I always create email aliases for every service to manage spam.)

Not sure what friction is removed by signing in with Github rather than just registering a new account email address directly with Codeberg.


Not having to set another password. That is the biggest PITA that makes people groan when creating new accounts.

Passwordless FIDO2 is of course the best solution, not OIDC.


The typical GitHub project I end up using as a tool or a dependency: hundreds to thousands of stars, a good number of issues and PRs, signaling at least a moderate degree of battle-hardening. (Star farming is a thing but I don’t think it’s a big problem in general.)

The typical GitLab project I land on through a search engine: ~0 stars, extremely low issue/MR engagement. Even when it’s like the only game in town for a moderately popular use case. Hardly distinguishable from my private repos in terms of human involvement.

Codeberg is only going to be worse.


Not many, but I discovered projects, that I use daily, through GitHub's seemingly new "Trending" section.


Given the sad state of affairs with search engines these days I most often go straight to github for code related searches.

And, as much as I hate websites profiling me, I discovered plenty of emacs packages I use every day from github suggestions.


I want to comment on comparing things that seem similar, but aren't.

In particular, OP wants readers to believe that taking drugs developed by "big pharma" is the same, or is morally equivalent to hosting one's project on GitHub.

The problem with this is that the relationship between the drug manufacturer and the drug user isn't the same as with the repository service and the user, and in a very important way.

* By using the drug the user doesn't contribute anything back to the manufacturer besides the monetary compensation. The equivalent of repository service would've been a drug user who agrees to run experiments for the company developing the drug in exchange for the drug. Such things do happen, especially in desperate cases... but, certainly aren't the norm of pharma company vs drug user relationship.

* Pharma companies are heavily regulated, with lots and lots of drug user protections in place. If a pharma company is found to have walked back on the safety or other promise about a particular drug -- there's a good chance they'll be taken to court, and, hopefully will have to pay reparations. GitHub, on the other hand, makes no promises to the non-paying customers, and, like a famous jedi, will force choke you when they alter the deal they made with you, while telling you to pray they don't alter the deal any further.


A lot of you are not talking about the biggest reason to avoid GitHub. Having the rug pulled from you.

Terraform? Remember that? VMWare? Redis? What happens when a company stops providing a good deal? With GitHub you have lock in to the way they do things. So many of you complained about CentOS and then go lock yourselves in to far worse when you have CentOS Stream which was mostly good enough.

You have a perfectly good option: GitLab. Yes, parts of it are closed source, but most of you will be perfectly fine with the open source stuff. You can move your repos over to a self hosted option for your independence with ease. Most of you do not care about that because you want to seem like you have a lot of activity on your GitHub.

I do not blame you. I literally had an employer reach out to interview me directly because of my GitHub activity. His job offer was absolutely terrible but it was nice for them to do that this time.

But most of you also want to entertain the idea of moving up in the world from a simple coder. A tech lead, a tech business owner, vc startup, run a nonprofit, etc. Then you care about the rug being pulled from you, either because it means less money for what you want to do or it is a massive hassle to move, and this is an excellent way to prevent that.


I don't think the author is painting a correct picture here.

Yes, SourceHut has a different modus operandi compared to GitHub, GitLab, Codeberg et al. when it comes to merging patches. However, this doesn't invalidate Codeberg/GitLab as a viable primary repo and patch collection path.

If the author is so adamant on network effect advantages, they can host a mirror on GitHub with an appropriate README.md pointing folks to the right direction.

If the author needs to write a long post to validate themselves about using GitHub, there's no need. At the end of the day, what you say to others doesn't matter much. The biggest wisdom is to not lie to yourself about why you're doing something.


I think the root thing I disagree with in this essay is whether (GNU definition) freedom has anything to do with successful, thriving economic markets. No; they're completely orthogonal. The logic of this article might suggest Shenzhen is the freest place on earth—a fast-moving, healthy marketplace with a vast diversity of economic actors to transact with with low friction. Yes, but also no.

- "Freedom and diversity go hand-in-hand. We empower people to express their individuality. The cumulative effect is a richer corpus of shared resources, from which we can all draw from to elevate our experience."

This is like a definition of wealth, not of freedom.


Wealth is often necessary for meaningful freedom.


But not sufficient


Wonderful article. Protesilaos does great work, and doesn't indulge in popularity contests, or shy away from uncomfortable realities as he sees them (which apparently is difficult for some HN readers). Keep it up, Prot.


There are many software collectives offering Gitea or similar for free or almost free, so there has to be a good reason for giving away one's code to MICROS~1.


Unrelated: Is the title correct English?


Yes, particularly as a blog post (with the context of continuous ongoing discussions)

Re: is a longstanding abbreviation for

* In the Matter of ...

* With Regard to ...

* In Reference to ...

and the article discusses matters arising from the asked question "Why host on Github?".


I assume it's short for in re, which is sort of Latin for "on/in the matter [...]".

Actual Latin uses de to mark the topic of a disquisition (compare de corona, the Latin translation of Demosthenes' speech "on the crown"); I'm not sure why we say in re. It appears to be an early modern legal usage.


You're correct about the Latin origin and legal usage, "in the matter .." is strictly correct.

That said, English as a language absorbs and morphs borrow words and phrases like few others and re has moved out of legal only and into common office and other usage where many are no longer tied to a strict law reading.


> "in the matter .." is strictly correct.

Is it? That was my question.

Latin in means in or on, and res means thing, but that doesn't make in re valid Latin for the English phrase "in the matter [of ...]", any more than quomodo pendet would be valid Latin for the English phrase "how's it hanging?".

For the meaning expressed by "re" in office usage, I'd be more likely to use "wrt", which has the benefits of being English and making sense when read aloud.


Bearing in mind that I'm recalling back 40 years and not looking anything up, it's my recollection that the legal usage in English law is "in the matter of" with the Latin "re" being a contraction of a longer phrase ...

When I said strictly correct I meant that was what was taught in pre law as the correct reading of "re:" when seen .. it's barbaric contractions all the way back to proper Roman law ~ 400 CE I suspect and I'm no learned Latin scholar - I faked my way through it on the STEM side of campus and only ventured into Arts to watch theatre and listen to music.


> it's my recollection that the legal usage in English law is "in the matter of"

This is a tangent, but in Latin that "of" is not included in the re; it would have to be marked on whatever noun is governed by the "of" in English. Including the "of" makes the English translation better, but slightly less literal - in the most technical possible sense, the "of" is implied rather than explicit.

In English it's easy to indicate that some word or phrase requires an argument marked with "of" by just including the "of" when you cite the word/phrase. In Latin this can't be done. A dictionary (aimed at modern students) would say something like "res +gen" to note that an expression requires an argument in the genitive case. I don't know how Latin speakers would have described this, but the need must surely have come up.

Tying back to my earlier observation, it might interest you to know that the word "of" is derived from "off". The reason is kind of funny: off is a (correct!) translation of the Latin preposition de. de doesn't mean "of", but it does mean "off". Latin has no preposition for "of".

However, in Romance, the case system of Latin was lost, and de was repurposed into a genitive marker. That's why it means "of" today in Spanish, French, etc. I assume this had already happened by the time English translated it as "off", and that's why the genitive particle "of" developed, but I don't know for sure.


I always read Re: as Regarding: (and also Fwd: as Forwarding:), thanks to email.


Yes, it's correct English. There's nothing unusual about it.

The verb is infinitive with no particular subject.

"Why choose one when you can choose both?" - https://www.reddit.com/r/Kanye/comments/ph6sab/why_choose_on...

"Analyzing Systems: Why Do It That Way?" - https://digitalcommons.georgiasouthern.edu/cgi/viewcontent.c...

"Why be afraid when God is always showing the way?" - https://www.archstl.org/popes-message-why-be-afraid-when-god...

Despite the lack of a subject, it can trigger reflexive pronouns:

"Why limit yourself to just 3 wishes?" - https://www.brainzmagazine.com/post/why-limit-yourself-to-ju...


He mentions the post is from a written exchange, perhaps an email thread. Perhaps he just used the subject as the title.


This is the reason why I kinda don't like it when an open-source package is hosted on GitLab. I mean, idk if GitLab is still a FOSS or open-source company; it just has the same vibe as Redis, Terraform or any other VC-backed open source that tries to search for the money.


But the network effect could lead to something like the next xz backdoor


If xz would have been hosted another place, what could have been prevented?


>The technical reason for not opting for such alternatives is that I will not be getting enough contributions there.

Yes.

Sudden interest from multiple people in a certain pull request raises suspicions if you only have a few contributions.


Sounds more like you get less eyes overall on your code. But the attacker will spend the same energy on it.


But he can't hide in the masses


Yeah I don't buy it. He was more active than most even on github.


That maybe fewer people would have even known about it and therefore decreased its importance as a target? /s



