> the very act of publishing to GitHub implies a desire to share the code.
No. Thats like saying the very act of sharing pictures online implies you want someone else to use them, or that printing your book and selling it somehow implies you want the world to copy it.
You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
That is NOT implied, and thats why licenses exist. You could even argue that, as GitHub has license detection etc. built in, sharing and reading code there should mean you are aware of licensing.
> I wish more people understood that this is a bad thing.
Why is it a bad thing? If you represent a business you are free to either refrain from using the project, or send a message to the author(s) and request they add a license. Perhaps the author has no intent to allow others to use their code, and they are merely using github as a convenient place to host their code. Like you said, nobody is allowed to use their code without a license, so why bother to use a private repository?
It might be a bad thing if the author actually put their code online with the intent of having random businesses use it, but it's a bit presumptuous to call it a bad thing in general.
> I don't understand why someone would willingly share their code on github where it is publicly available just to complain when others make use of that knowledge.
People like you should understand that publicly available code doesn't mean "do whatever you want" code.
The majority of publicly available code hosted on Github as a license that tells you what you can and what you cannot do with that code.
If someone uses this code without respecting the license, authors have the right to complain and even legally enforce the license if they want.
Now, you should know that there's nothing "cool" to take other people's work without permission.
> why someone would willingly share their code on github where it is publicly available just to complain when others make use of that knowledge.
For other individuals to collaborate, to make the software available to other people, etc. Certainly not for github's profit and much less for the benefit of github's customers who will have access to open code that violates license agreements.
> Until very recently, you couldn’t do that and keep your code private on github without paying.
Ok, but now you can.
> people dump stuff there for reasons other than explicitly wanting to share it with the world or show it off.
Maybe, but that doesn't change the fact you are sharing it with the world and you are showing it off, and if you put a bunch of sloppy inscrutable code on your GitHub, people are going to assume you tend to write sloppy inscrutable code, especially if you don't contextualize it with a Readme. That's just the reality of it. The real big assumption here is thinking people aren't going to judge you by how you present your work online.
> But GitHub claims to be your home for public hosting of your own personal code.
Github claims to be a home for developers to publicly host code of public use. Any benefit to an individual developer is incident to that overriding purpose and they are clear about that in their use policies.
I think they could easily make claims on any or all of sections 2, 3, 4 and 10.
Section 10 in particular notes that Github is a service run for a mass of users and will favor users as a whole over individual privileges.
> expressing his freedom of speech, again on his own personal GitHub account, in his own personal (not organization) repositories.
Was he running his own Github server instance and I missed it somehow? The flipside to Github paying to run your git repo, issue tracker, etc. is that you agree to abide by their terms of use, and these terms are written for Github's benefit.
If a million Github users are impacted by this package breaking their code then why are you surprised that Github took action to protect their users?
Marak could have hosted his own git repo if he wanted to ensure his malicious code couldn't be intercepted by others. That's the tradeoff you have to choose.
> He spoke about his thoughts about open source, businesses, and economics. Defending this type of political speech [snip]
Inserting infinite loops into packages isn't "political speech" and trying to claim as such just waters down the entire argument...
> Nowhere does it give you a license to _use_ the contents of the repository in your software. Nor does it allow you to publish the contents outside github
To clarify, I did not mean to say that it does; I merely wanted to make people aware of the fact that some "default" restrictions are lifted when you publish on GitHub (just like when I type this comment on HN).
> And so, it is possible (and I would dare say likely) that the contributions that the OP made while working on the repo at the company unless specific permission was given otherwise would be considered as work for hire or as part of the work product as condition for employment and completely owned by the company (and not MIT licensed).
This is a radical interpretation of the text if I’ve ever seen one. To the extent any of their contributions were merged upstream, they’re inherently MIT licensed by virtue of being in the same codebase which offers that license. To the extent they have unmerged changes, they may well be works for hire but it isn’t GitHub’s role to decide that between a second and third party.
Again nor do they want to. GitHub is extremely hands off about forks and the licensing implications thereof.
This isn’t a GH posture towards licensing disputes, it’s their posture towards their own authorization model. And that’s fine, but we shouldn’t conflate the two when they’re quite distinct.
> The larger issue is that anyone using GitHub is donating their work for re-use without attribution through Copilot.
Wrong. Lets say a GPL project is not hosted on GitHub officially. I can easily setup a mirror for it though on GitHub as the GPL doesn't prevent me from doing it...
Point is that anyone can put my work on GitHub, even if I don't want to.Assuming the project is under a free license though.
> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking)
So I can "perform" and "reproduce" content through forking, solely on Github. But I couldn't clone it, nor make modifications to my fork, if I read that correctly.
It makes little sense and could be avoided altogether by disabling forking for un-licensed repositories. Or by simply giving all new projects a default (with an opt-out option for no license or alternate licenses).
> Pretty much nothing about the website and repo indicated that this is an open source project. Why would anyone just assume that it is?
There is a prominent GitHub link to the codebase.
I think the GitHub terms of service demand that public repo owners grant public downloaders minimal rights to view and use (but not necessarily redistribute) the code.
But the LICENSE file disallows use of the code to some. If the GitHub ToS does what I recall, it seems possible that the copyright license and the repo's presence on GitHub are actually in conflict with each other. (I'm not at all expert here, though.)
> It is responsibility of the entity (Microsoft in this case) publishing the code to make sure that they have the right to publish.
This would basically kill github as an idea. I like the ability to be able to push some personal project to github and don't really give a fuck about technical copyright violations and I think the same is true for 90% of developers.
> [GitHub] plays an increasingly indispensable role in projects that require collaborating around code.
This is just not true and I warn everyone from believing this is the case. GitHub is based on git which can be hosted anywhere and by anyone. The features which GitHub provide above and beyond git can be replicated with some work (either by switching to Gitlab, which you can host yourself, or using one of the other alternatives like Gitea) if you want to.
> And yet most people keep trusting them with their code on Github.
Honestly, from what I've seen many people don't see the issue with this. "The code is public anyway, so what difference does it make?"
I'm starting to see the downsides of that viewpoint now, though[0]. If GitHub, and by extension Microsoft, technically 'own' the code (licensing, etc.) then they have free reign over it, leading to things like Copilot and Intellicode.
> Isn't that against Github rules? And doesn't that mean the 150 forks (republishings) are in legal danger?
It’s not against GitHub rules. Were you under the impression users could only host repositories on GitHub that have licenses that fulfill the open source definition? How did you get that misimpression?
> As a leader of a FOSS project that is on github...Do I have that reasoning correct?
The way I read the article was that by being on GitHub, you are implicitly agreeing to no longer be a FOSS project as regards licensing. GitHub customers can use Copilot to generate proprietary code that's identical to your project's code (several articles I have read call this overall idea "laundering through Copilot", which sounds incendiary but accurate to me) without needing to respect your license.
The other stuff you said is...kind of irrelevant. Sure, you get a lot of convenience from GitHub. If you don't care about software freedoms in the libre/copyleft sense and regard a "do whatever you want" license as the best, then it's probably fine to keep using GitHub.
No. Thats like saying the very act of sharing pictures online implies you want someone else to use them, or that printing your book and selling it somehow implies you want the world to copy it.
You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
That is NOT implied, and thats why licenses exist. You could even argue that, as GitHub has license detection etc. built in, sharing and reading code there should mean you are aware of licensing.
reply