Open source body leaves GitHub, urges you to do the same • The Register

The Software Freedom Conservancy (SFC), a nonprofit organization focused on free and open source software (FOSS), said it has stopped using Microsoft’s GitHub for project hosting — and urges other software developers to do the same.

In a blog post on Thursday, FOSS SFC License Compliance Engineer Denver Gingerich and SFC Policy Manager Bradley M. Kuhn said that GitHub has played a dominant role in FOSS development over the past decade, creating an interface and social features around Git, the widely used open source version control software.

In doing so, they claim, the company convinced FOSS developers to help develop a proprietary service that leverages FOSS.

“We are ending all of our own uses of GitHub and announcing a long-term plan to help FOSS projects migrate off of GitHub,” Gingerich and Kuhn said.

The SFC primarily uses self-hosted Git repositories, they say, but the organization has used GitHub to mirror its repositories.

The SFC has added a Give Up on GitHub section to its website and is asking FOSS developers to voluntarily switch to another code hosting service.

“While we are not requiring our existing member projects to move at this time, we will no longer be accepting new member projects that do not have a long-term plan to migrate off of GitHub,” Gingerich and Kuhn said. “We will provide resources to support all our member projects that choose to migrate, and help them as much as possible.”

GitHub claims to have around 83 million users and over 200 million repositories, many of which are open source licensed. The cloud hosting service promotes itself specifically for open source development.

For the SFC, the break with GitHub was precipitated by the general availability of GitHub Copilot, an AI coding assistance tool. GitHub’s decision to release a for-profit product derived from FOSS code, the SFC said, is “too much to bear.”

Copilot, based on OpenAI Codex, suggests code and functions to developers as they work. It’s able to do this because it was trained “on natural language text and source code from publicly available sources, including code in public repositories on GitHub,” according to GitHub.

Gingerich and Kuhn see this as a problem because Microsoft and GitHub haven’t provided answers about the copyright ramifications of training their AI system on public code, why Copilot was trained on FOSS code but not copyrighted Windows code, and whether the company can specify all software licenses and copyright holders attached to the code used in the training dataset.

Kuhn has previously written about his concerns that Copilot’s training could pose legal risks, and others have raised similar concerns. Last week, Matthew Butterick, a designer, programmer, and attorney, published a blog post stating that he agrees with those who argue that Copilot is an open source license violation engine.

“Copilot completely cuts the connection between its inputs (= code under various open source licenses) and its outputs (= code produced algorithmically by Copilot),” he wrote. “So after more than 20 years, Microsoft has finally produced what it falsely accused open source of being: an intellectual property rights black hole.”

poison pills

These claims have not been settled and likely will not until there is litigation and judgment. Other lawyers note that GitHub’s terms of service give it the right to use hosted code to improve the service. And the legal experts at Microsoft and GitHub certainly don’t think they’re responsible for license compliance, which they pass on to those who use Copilot to generate code.

“You are responsible for ensuring the security and quality of your code,” says the Copilot documentation. “We recommend that you take the same precautions when using code generated by GitHub Copilot as when using code you did not write yourself. These precautions include rigorous testing, IP analysis, and tracking security vulnerabilities.”

Gingerich and Kuhn argue that GitHub’s behavior with Copilot and in other areas is worse than that of its peers.

“We don’t think Amazon, Atlassian, GitLab, or any other for-profit host are perfect players,” they said. “However, a relative comparison of GitHub’s behavior with that of its peers shows that GitHub’s behavior is much worse. GitHub also has a reputation for ignoring, dismissing, and/or downplaying community complaints on so many issues, that we should urge all FOSS developers to leave GitHub as soon as they can.”

Microsoft and GitHub did not immediately respond to a request for comment. ®

About Jon Moses
