This is a blog post on why I no longer trust Github that Microsoft bought a few years ago (for a few billion) with my code. I will outlines the events that occurred, the thinking that lead me to the decisions that I made and my final thoughts.
Rest assured, I will continue to contribute to open source, write open source software, I just won’t host it on any corporate owned “Cloud” (SaaS) code hosting platform. I will self-host*.
A little about me
Those of you who don' know, my name is James Mills. I’ve been with Github since ~2008. I started contributing to open source and writing open source projects since ~2004 with my first project being a Python library that later turned into the circuits event-driven asynchronous library used by many (well before asyncio became a thing in Python many years later).
I’ve worked in numerous companies in Australia being a Backend Developer, Full Stack Engineer, DevOps Engineer, System Administrator, Network Administrator, Helpdesk Support and many other roles over the years. I’ve worked at Facebook for over 3 years as a Production Engineer where I earned much respect for my ability to “Get Stuff Done"™.
Over the course of some ~17 years of contributing to and writing open source projects I roughly estimate (really hard to actually measure) I’ve written between 500,000 to 1,000,000 lines of code.
Why did I leave Github?
I am primarily leaving Github because I no longer trust them as an entity to host my code. Code that I write and openly license under the MIT License. The recent announcement of Microsoft/Github’s Copilot which harvested source code from public Github repositories and used that as the training dataset for their machine learning models I feel is both a violation of the (©) Copyright I hold on source code I wrote but also a violation of the License agreement(s) I typically choose to license my works under.
Specifically the use of any of my works is subject to (because I use the same license normally):
Permissions
- Commercial use
- Modification
- Distribution
- Private use
Limitations
- Liability
- Warranty
Conditions
- License and copyright notice
It is the last one that is really important to me. You are free to use my works in any projects of your own, commercial or otherwise, as long as you attribute my work and maintain my License and Copyright. If you do not you are violation.
As a user of Copilot, if any works you derive (or in some cases is a direct copy/pasta) from my source code is in direction violation of the license of my work unless you:
- Know the source of the suggestions and snippets that came from Copilot
- AND acknowledge, attribute and maintain the License and Copyright of the original works.
Github’s own Terms of Service even states (if you bother to read it carefully):
This license does not grant GitHub the right to sell Your Content. It also does not grant GitHub the right to otherwise distribute or use Your Content outside of our provision of the Service, except that as part of the right to archive Your Content, GitHub may permit our partners to store and archive Your Content in public repositories in connection with the GitHub Arctic Code Vault and GitHub Archive Program.
Assuming Microsoft who wrote Copilot, a Visual Studio extension, intends to eventually sell this as a service to their users, they are in direct violation of Github’s own Terms of Service as stated above and captured here for posterity.
FWIW I used to up until now even pay Github for “extra features” and “privileges” on their platform. Things like unlimited private repositories, more actions, more storage, etc. No longer! I’ve now downgraded to the “Free” account.
So what happened?
Here follows a series of events, including screenshots for posterity (in case things get removed or re-worded, etc) of what happened over the last couple of weeks that eventually lead me to the decision to remove all of my source code from Github.
-
Sun, Jul 4 3:34AM Slashdot posts about mixed reactions of Micorosft’s Copilot
-
Sun, Jul 4 5:21AM A fellow open source developer talks about “Abandoning GitHub”
-
Sun 4, 12:09PM I followup (_after reading about what’s ) with thoughts of my own and contemplating follow suit.
-
Mon 5, 9:10PM Julia Reda posts about GitHub Copilot is not infringing your copyright.
I don’t know who this Julia Reda is, but even though she’s right about Github/Microsoft not technically infringing on (©) Copyright per se, what has been (and is being done) is a direction violation of many open source licenses.
-
Wed 7, 5:07PM I ask my social media and those that follow me their opinions.
-
Thu 8, 6:18PM Github confirm that they didn’t just selectively use a subset of repositories with particular licenses, they scraped them all!
-
Fri 9, 11:57PM Another open source developer announces leaving Github over the Copilot launch.
-
3:30PM I finally announce my decision to do the same.
So now what?
So now that I’ve migrated all of my projects and their source code off of Github to my own Self-Hosted platform, then deleted all content from Github (except my identity, which I will maintain); Now what?
Projects have moved
All my projects have a new home at git.mills.io. I’ve always had my own private Git Hosting platform (I used to use Gogs) but since this weekend I’ve decided to stand up Gitea instead as it has a few more features that make it a bit more convenient for collaborating with others and has a familiar feel and experience as compared with Github/Gitlab/etc.
I’ve also enabled Github OAuth as well so anyone that had previously contributed to my projects on Github, raised Issues or just want to continue to follow me work can do so with relative ease by simply signing in to https://git.mills.io with their Github identity.
Go libraries and import paths
Since I’ve been an avid Go developer for quite some years now and have written a considerable number of libraries and software (some quite popular), I feel you should be aware that import paths are now obviously broken and you need to update your own projects:
Change any import from:
import "github.com/prologic/<library>"
To:
import "git.mills.io/prologic/<library>"
At some point I will be standing up my own Go Vanity Package hosting to make the imports canonical, simpler and resistant to change no matter where the code lives.
Final thoughts
It’s been a crazy couple of years with the recent pandemic and all. Something fairly similar happened to a chat platform I had been a member of for over ~18 years, FreeNode IRC Network. It never ceases to amaze me what corporations can do to ruin a “good thing”.
I want to thank each and every one of you that have contribute to my own projects and accepted my own contributions via Github over the years. I hope that many of you will continue to follow my work and use many of my works as I continue to maintain and develop it under it’s new home (mine!).
Happy hacking! 🙇♂️
