News

FOSS Advocate Group Says Open Source Devs Should 'Give Up' GitHub

• By John K. Waters
• July 8, 2022

Software Freedom Conservancy (SFC), a not-for-profit organization that provides support and legal services for free and open-source software (FOSS) projects, has quit GitHub, and says its community should do that same.

"…Git was designed specifically to replace a proprietary tool (BitKeeper), and to make FOSS development distributed using FOSS tools and without a centralized site," the post reads. "GitHub has warped Git, creating add-on features that turn a distributed, egalitarian and FOSS system into a centralized, proprietary site. And all those add-on features are controlled by a single, for-profit company. By staying on GitHub, established FOSS communities bring newcomers to this proprietary platform — expanding GitHub's reach and limiting the imaginations of the next generation of FOSS developers."

GitHub is an enormously popular service. The organization reports that an estimated 83 million developers use it today and it hosts more than 200 million repositories. Microsoft acquired GitHub in 2018, ten years after it was founded, for $7.5 billion.

Prominent among SFC's concerns is GitHub Copilot, Microsoft's "AI pair programmer." Copilot is a for-profit product developed and marketed by Microsoft. It uses AI techniques to automatically generate code interactively for developers. GitHub cites a June 2021 blog post by Albert Ziegler, staff machine learning (ML) engineer at GitHub, in which he states that the model "is trained on billions of lines of public code." The SFC claims that much of that code comes from projects that were hosted on GitHub, including many licensed under copyleft licenses.

"Most of those projects are not in the public domain, but are licensed under FOSS licenses," the SFC claims. "These licenses have requirements, including proper author attribution and, in the case of copyleft licenses, they sometimes require that works based on and/or that incorporate the software be licensed under the same copyleft license as the prior work. Microsoft and GitHub have been ignoring these license requirements for more than a year. Their only defense of these actions was a tweet by their former CEO, in which he falsely claims that unsettled law on this topic is actually settled. In addition to the legal issues, the ethical implications of GitHub's choice to use copylefted code in the service of creating proprietary software are grave."

The conservancy also cites the discovery in 2020 that GitHub has a for-profit software services contract with USA Immigration and Customs Enforcement (ICE). "Activists, including some GitHub employees, have been calling on GitHub for two years to cancel that contract," the SFC writes. "Regardless of your views on ICE and its behavior, GitHub's ongoing dismissive and disingenuous responses to the activists who raised this important issue show that GitHub puts its profits above concerns from the community."

The SFC also argues that, although GitHub claims to be pro-FOSS, the hosting site is, itself, proprietary and/or trade-secret software. "We appreciate that GitHub allows some of its employees to sometimes contribute FOSS to upstream projects," the SFC writes, "but our community has been burned so many times before by companies that claim to support FOSS while actively convincing the community to rely on their proprietary software. We won't let GitHub burn us in this same way!"

Also, the conservancy points out that GitHub differs from most of its peers in the "FOSS project-hosting industry," in that the service doesn't offer a self-hosting FOSS option. The entire codebase is secret. "[W]hile we have our complaints about GitLab's business model of parallel 'Community' and 'Enterprise' editions, at least GitLab's Community Edition provides basic functionality for self-hosting and is 100% FOSS. Meanwhile, there are non-profit FOSS hosting sites such as CodeBerg, who develop their platform publicly as FOSS."

And the SFC cites Microsoft's historical antipathy for copyleft in general and the very fact that GitHub is privately owned as reasons to stop using the service.

The conservancy acknowledges that asking millions of developers of free and open-source software who rely of this very effective service to abandon it is a big ask. "The reason it's difficult to leave GitHub is a side-effect of one of the reasons to leave them: proprietary vendor lock-in," the SFC says. "We are aware that GitHub, as the 'Facebook of software development,' has succeeded in creating the most enticing walled garden ever made for FOSS developers."

The place to start, the SFC says, is with "the most comfortably-situated developers among you, leaders of key FOSS projects, hiring and engineering managers, and developers who are secure in their employment." The SFC is calling on these folks to be the first to reject GitHub's proprietary services, and to help less well established devs and computer science students, some of whom are actually required to use GitHub.

More information is available from the SFC on GiveUpGitHub.org.