GitHub Source Code Leak (opens in new tab)

Thank you.

[0] you failed to read the 1st paragraph of the linked article :)

Maybe add a checkbox in your profile like "Specifically mark unsigned commits" or even "don't associate unsigned commits to my account" as well.

Instead of making conflict messages clearer and easier to work with using local files, contributors keep thinking the users are too dumb and adding (and changing) merge resolution hacks.

This boils up to github, as can be seen by teams who do not understand the very basic about git commits, and enable "squash commits by default" on their repos. With these teams, git commit history cease to be bit sized changes in a larger changeset, and become useless displays of the author interacting with the remote server while they upload small changes to tests to make the continuous builds get green.

But Github uses the same single Git repository for all forks, and they have an issue where you can access a branch/commit of a fork from the main repository if you know its hash. They should probably fix that at some point.

Robert Browning, Pippa Passes (1901)

A nice one. I didn't know it.

https://www.goodreads.com/quotes/314320-the-year-s-at-the-sp...

Git does not make it trivial to impersonate commits. http://www.linuxjournal.com/content/signing-git-commits

Also, if users don't know the very basics of how Git works, they probably shouldn't be using it, and certainly not trusting it.

Most likely support. GH probably doesn’t want to support an open source version (triaging issues, reviewing 3rd party pull requests, having an open roadmap). Likewise it would probably be bad PR if they just dumped the code base and were really slow (or didn’t) respond to bug reports.

Being open source requires a lot more than just the source code being available.

why does anything needs to be open source in the first place?

Open-sourcing something should add value. Github doesn't see any value in doing so (and i would agree). It's not like github has any secret ingredient that makes github source special - gitlab has replicated most of github's functionality, and so has many open hosting platforms.

The value of github is mindshare, rather than anything code wise.

- If it is so easy to shoplift, why don't stores just give out everything for free?

I've used it as a local-network git remote and generally enjoyed my experiences with it. It's not quite as developed of a web interface as Gitlab or Github, but as a git remote with a web frontend it's very usable and quick to deploy.

They don't have a mantra of all information wants to be free, and indeed their entire business model relies on hosting private repos.

I understand people wanting to host their open source on a server that's also open source. There's an argument it makes business sense if the closed source setup creates a long-term drift to GitLab or elsewhere. Nevertheless, I don't see the closed source as a contradiction.

You can love open source while producing a mix of open and closed source. Building a sustainable business often means being selective about it and seeing open source as a tool you can benefit from (enlightened self-interest), rather than an ideology you must adhere to at all times.

Come out against the RIAA if you must do something. Better still to let the process work, you don't win legal battles by committing crimes.

Specifically, the way GitHub "embraced and extended" git (even before the Microsoft acquisition) is to have quite a few things outside the repository - like issues. You can take your source anywhere you want, but a project with 30,000 issues is going to have trouble migrating those issues.

Microsoft are running Bartertown and and are doing a pretty good impression of Master Blaster. Ironically youtube-dl just got dragged into the thunder dome.

You can trade outside Bartertown but it’s going to have low visibility.

To give an analogy, I think the Internet is great. But I dislike the individuals who exploit it to send spam and propagate worms etc.

Reading something isn't inherently illegal itself, true. I'm fairly certain that intentionally navigating to a website that you know contains pirated content is a violation of copyright law though. (Of course no one is going to bother prosecuting you for it, but still.)

The laws surrounding classified information in the US are quite different from copyright law. They aren't relevant here at all. (https://en.wikipedia.org/wiki/Classified_information_in_the_...)

Apart from the code linked above, I don’t think you’re missing any significant information that was on that archived page whose URL is now excluded. The screenshot at the top of this article matches what I remember of that page: https://arstechnica.com/information-technology/2020/11/githu....

To describe the screenshot in words, for the sake of those who prefer text to images for whatever reason: the commit was an orphan with no parent; it had no commit history. The message was as SethTro quoted it: “felt cute, might put gh source code on dmca repo now idk”. GitHub’s interface suggested the committer was https://github.com/nat, but there was no “Verified” label. The interface described the commit as having been created “1 hour ago” at 2020-11-04 05:00:26, the time of crawling.

I remember reading somewhere that once You include some url in robots.txt archive.org even though can have it archived it will stop showing it to the public.

https://blog.archive.org/2017/04/17/robots-txt-meant-for-sea...

https://github.com/robots.txt

They have some interesting nuggets in their robots though like `/ExplodingStuff/` and `/account-login` both of which seem to be some accounts.

Or probably more possible - they just got in contact with the archive.org people.

1. is not equal to making it open to collaboration.

2. does not mean they can’t keep making money from it.