Bonum Certa Men Certa

The GitHubification of Free Software

Article by Thomas Grzybowski



3 rabbits caged



Summary: "The optimal solution to the ongoing GitHubification of Free Software would be the creation of a successfully competitive software development repository specialized to the Free Software community."

GitHub is proprietary software and a manifestation of surveillance capitalism right smack-dab on the face of it. But that is the very least of the problem here. GitHub is an existential problem for Free Software - a crisis that is almost completely obscured from our notice.



GitHub is a major part of Microsoft’s future, and it is not speculation to note that GitHub undermines Free Software. Microsoft is a company which has dedicated itself to ending the Free Software movement – a company which has formally banned the use of the GPL from any of its internal software. If anyone dismisses that GitHub can be an existential problem, see this example pointing to our future: https://www.gnu.org/software/fribidi/ . Here one thinks one is going to a GNU site, but is in fact being directed to Microsoft.



This observation is far from an isolated fact. Free Software advocate figosdev has painstakingly analyzed a vast array of GNU/Linux software packages and compiled volumes of information showing that GNU is becoming dependent upon GitHub in its development processes.

http://techrights.org/2020/05/03/gnuhub-pt-1/

http://techrights.org/2020/05/05/gnuhub-pt-2/

http://techrights.org/2020/05/08/gnuhub-pt-3/



There is a long list of concerning facts documented in the above references, but in essence they add-up to show a strong and growing dependence of GNU “Free” software development upon GitHub: Perhaps most notably (being a basic GNU software development tool), GNU Bison has moved to GitHub, with Bison using GitHub for its development platform. The GNU repository is only a mirror. This is extremely problematic, and again not an isolated fact.

How did this situation come about? A major part of this "trap" is what is called the “Network Effect”. As each additional project-piece of software becomes embedded in GitHub, the "benefit" for each and all such projects increases - and the social cost of avoiding the site also increases. Already a GitHub presence is "expected". And Microsoft has greased the slide by actually paying some project-leads to host their projects there.



In regards to the actual migrations onto GitHub, it can be a four-step process, each step seemingly trivial relative to the previous:

  1. Use of GitHub’s social interfaces for bug tracking.


  2. Use of GitHub as a mirror as a backup site, and “presence” for people’s convenience.


  3. Use of GitHub for development (seeing as most of the bug tracking and pulls happen there).


  4. GitHub becomes the canonical source site.




This is all pretty straightforward, above-board, and not a mystery. But, as we have seen documented above, the migration process is extensive and yet there has been little notice paid to the intrusion of this conduct into Free Software development. Let us be clear: Free Software and GNU are becoming dependent upon Microsoft.

Microsoft dependency is an existential crisis for Free Software. First of all, the source code and other content itself physically resides on Microsoft’s servers. These materials are then fully under their control and open to easy and extensive analysis for technical and strategic information. Surveillance activities involve the real names, locations and associations of people working with GitHub. And there are yet other real and potential benefits to Microsoft emerging from having the source code under their control:



  1. Censorship, and the implicit threat thereof.

  2. Blackmail - the implicit or explicit threat of loss of service or censorship.

  3. Manipulatively granting some projects preferential treatment, payment, or services.

  4. Behavior manipulation and opinion modification – through GitHub payments, site messaging, and marketing.

  5. Outright (direct) monetization of use.



What can be done about this situation? Here things become even more problematic. Earlier in the history of GNU, Free Software was widely perceived to be incommensurate with the activities of companies such as Microsoft. (Microsoft’s aggressively monopolistic and proprietary practices at the time being exceedingly well documented.) In fact, Free Software can be seen largely as a reaction to these behaviors. Psychologically there was a good degree of oppositional motivation: programmers could see matters as being one of “Us vs Them” when thinking about Microsoft, and the Free Software movement was able to progress. But now that Microsoft “Loves Linux”, etc., this motivation becomes weak, diluted, undirected. When “Them” (the non-Free Software forces) are a large part of “Us”, the situation changes markedly, and what needs to be done to advance our freedoms becomes extremely difficult.

So, What To Do? One, I think, would be for any Free Software organization worth the name to require appropriately licensed software to be hosted on the home server or other vetted open-source, Free Software server for development. Proprietary services would be out of the question, as they are non-Free with users having no knowledge of what is going on behind the scenes.

An immediate step is for any important project which is being developed on GitHub to be encouraged to move off of that platform. If the project in question does not have a mirror, it should be mirrored elsewhere, ideally with the permission of the project manager, but not necessarily. This is indeed what Free Software is all about. In this way, if GitHub censors any project it will still remain immediately accessible to users. This mirroring also bleeds-off just a little of Microsoft’s implicit denial-of-service threat they hold over their client projects. Each of us should pick a project we wish to mirror and maintain that mirror!

The optimal solution to the ongoing GitHubification of Free Software would be the creation of a successfully competitive software development repository specialized to the Free Software community. Such a site (or set of distributed sites) could well be a successful replacement to GitHub because it would not be subject to the limitations, compromises, and contradictions inherent to a private proprietary entity run for profit. The effort needed to achieve such a success may be seen as prohibitive – but, as we have seen above, it is necessary.

Comments

Recent Techrights' Posts

Certificate Authority Let's Encrypt Has Almost Gone Down to Zero, Nearly Totally Extinct in Geminispace, the Few Capsules Still Using It Are Spam/Dead/Stagnant
This represents another decrease for Let's Encrypt; the last decrease was last week
Trying to Silence Techrights Was a Huge Mistake
Peter Thiel attacked a publisher for asserting, correctly, that he was gay. Now everyone knows it.
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 07, 2025
IRC logs for Sunday, September 07, 2025
Gemini Links 07/09/2025: Scanner, Slop, and Chadobear
Links for the day
The UEFI 9/11 is 3 Days Away
Nobody denies that bad things will happen
Google Versus Journalism
Google played a big role in the demise of news sites
Gemini Links 07/09/2025: Advertising, Decentralized Archival, and Outsourcing to Bezos
Links for the day
Not Much Left in News Cycles
To be very clear, this does not describe "Linux" anything; it's true in just about every facet of news, except the paid-for fake "journalism" about "hey hi" (sites getting paid explicitly to maintain or rekindle hype)
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
The UEFI 9/11 - Part VIII - Denial of Service and Selling Us WSL (Windows) Instead of "Risky" (Prone by Breakage by Microsoft) GNU/Linux
Restricted Boot (so-called 'SecureBoot') does not improve security. It is nothing but trouble. It's meant to trouble non-Windows users. In dual-boot setups, SecureBoot is a recipe for disaster because Microsoft keeps erasing or tampering with the boot sector, to paraphrase an associate
Slop is Extremely Rare in Geminispace, Slop Images Are Unheard Of (Despite Images Being Supported)
As long as Geminispace grows in terms of domains it's safe to predict the protocol will still be used in 2029 and hence Geminispace will turn 10
Links 07/09/2025: Robodebt Class Action, Fines, and Copyright Settlement
Links for the day
Links 07/09/2025: Yle Impersonated in Social Control Media, Boat-Attacking Orcas, Midjourney Sued Again
Links for the day
Slopwatch: LinuxSecurity, Linux Journal, and the Serial Slopper
Google won't tackle the issue because Google participates not only in relaying slop but also in generating lots of it
Links 07/09/2025: Google Fines in EU and "Your Internet Access Is at Risk"
Links for the day
Gemini Links 07/09/2025: Little Brother and Corporate Theatre
Links for the day
Links 07/09/2025: More Harms of Slop and Anthropic's Nightmare Scenario (Huge Legal Liabilities for Slop)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 06, 2025
IRC logs for Saturday, September 06, 2025
Microsoft Sites Now Talking About September's Mass Layoffs at Microsoft
It's noteworthy that even Microsoft's MSN now covers the latest revelations about mass layoffs
Gemini Links 06/09/2025: SpellBinding Moving and "The Cloud" Ridiculed
Links for the day
Slopwatch: On "the Apology Industry", Chatbots (Punchbag for Customers), and Fake Articles About "Linux"
"news reporting priorities changed"
Links 06/09/2025: "Covid Incidence on the Rise" and Many Attacks on the Press Worldwide
Links for the day
The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025