blog

why I no longer use GitHub

2018 Jun 21, by opal hart (PGP signature)

I have had issues with GitHub long before the Microsoft acquisition this year. in fact, Microsoft is the best thing that could have happened to it because it's an excuse for people to leave GitHub. but for everyone who continues to use it, who has built their FOSS projects on top of its infrastructure, they need a little more motivation to move than just an acquisition scare. and the fact that these projects stay behind inconveniences me, as a FOSS contributor, especially if they outright refuse to collaborate outside of GitHub and they insist on you making an account, opening pull requests and new issues through the web interface.

since I am tired of reiterating to every project the reasons I refuse to sign up to and contribute via GitHub, I feel like the best course of action is to write it all out, once, and give this article to anyone who asks. plus, maybe all my readers may find this an interesting read to perhaps rethink their decision to use GitHub for their projects.

GitHub is not FOSS

GitHub boasts its love for the FOSS community, but the site itself runs on proprietary software. if you hate double standards as I do, you may stop reading as you should be content with the answer I gave you.

but really, look at GitLab in comparison. GitLab is the leading competitor and the current go-to for most people fleeing GitHub because of its similar social coding interface. guess what? it's FOSS, so you can take GitLab's software and run it on your own server. and from what I understand, GitLab manages to be a for-profit company despite the fact it gives away its software to the community, so why doesn't the FOSS-loving GitHub do it as well? it just doesn't fly with me.

GitHub is (poorly) reinventing git

git is a distributed version control system. it says that right on the tin. and it does a damn good job at being one. so why turn it into something that it isn't? I don't know, but GitHub seems happy doing away with many of the benefits of this. with plain git, I can stick my repository anywhere, give people the link to clone it, and take pull requests through mail. everyone on the Internet has an E-mail address (which is also a federated communication technology, so it's easy to see how it can be best friends with git) and E-mail doesn't lock you into a single terms-of-service agreement (I'll go in depth on that in a bit). this makes it easier for the passerby to contribute to a project, regardless where the project is hosted. no new user accounts necessary.

with GitHub, E-mail is second-class and people become spoiled by the wrong way of doing things, so they insist that you do things the wrong way as well. this is called vendor lock-in and it's very bad especially for FOSS projects. you can witness a similar effect between Blender and YouTube that surfaced recently. GitHub knows it has you by the nape and can shut you down whenever they want, and it can use that to manipulate you into making decisions for your project that you otherwise wouldn't take. and GitHub knows that your project's success is imperative to its own success, since it means more people signing up to contribute, more people being exposed to its nice, incorrect, not-git interface, and thus more people becoming locked in to GitHub as well.

there are some AUP/ToS loopholes, and they will shut you down

I promised I would go into detail about the terms of service. there are two clauses that are poorly worded, subjective, and ... well, loopholish in nature.

You agree that you will not under any circumstances upload, post, host, or transmit any content that[...] contains or installs any active malware or exploits, or uses our platform for exploit delivery (such as part of a command and control system)

this means that you can develop an innocuous research tool, note in your README that it must not be used maliciously and that you are not responsible for skids using your software, and still get punished. all it takes is a skid cloning your repo, pissing off the wrong people with it, and those people reporting you to GitHub. and yes, I am not making this up. I know of people who have been affected by this and I am sure you can find your own examples if you search for a bit.

[...]transmit any content that[...] is discriminatory or abusive toward any individual or group

oh, this is a fun one. this basically means that anyone can report you as long as they feel offended. I'm sure you have heard enough about this so I won't go into excruciating detail, but I will tell you that it is a huge loophole allowing anyone to abuse the report function to knock you off GitHub.


so, you may be wondering what I do prefer in stead of GitHub. of course you could use GitLab or software such as Gogs or Gitea, but that still has the issue of revolving around social coding and locking users in to specific software.

thankfully, the components of GitHub, GitLab, et cetera -- they are all available standalone. personally I set up gitolite for repository access control, cgit for a simple Web frontend, and I plan to include an issue tracker that treats E-mail as first-class rather than forcing users to create accounts (possibly Bugzilla but I'm open to suggestions). and if you are attached to your CIs then there are probably decent FOSS solutions for that; personally I don't see myself using them that much so I don't know much about them.

or, you could take advantage of the fact that there are people interested in abandoning the GitHub and social-coding ecosystems just like I am: sr.ht is both a service that you can sign up for as well as a suite of programs you can set up on your own server to provide something similar to what I have described above.

in the end, GitHub isn't the only thing out there for FOSS projects. nor is it the best thing. plenty of projects already spun out their own solutions, and the only presence they may have on GitHub (if any) is a simple backup mirror to their repository.

I hope that my reasoning has maybe encouraged you to try to use something else for your own projects, but if not, I hope you at least understand why I no longer wish to use GitHub.