The Software Freedom Conservancy (SFC), a nonprofit organization focused on free and open source software (FOSS), said it has stopped using Microsoft’s GitHub for project hosting — and is urging other software developers to do the same. to do.
In a blog post Denver Gingerich, SFC FOSS license compliance engineer, and Bradley M. Kuhn, SFC policy officer, said GitHub has played a dominant role in the development of FOSS over the past decade by building an interface and social features around Git, the widely used used open source version control software.
By doing so, they claim, the company convinced FOSS developers to contribute to the development of its own service that operates FOSS.
“We are phasing out all of our own use of GitHub and are announcing a long-term plan to help FOSS projects migrate away from GitHub,” said Gingerich and Kuhn.
We no longer accept new member projects that don’t have a long-term plan to migrate away from GitHub
The SFC mostly uses self-hosted Git repositories, they say, but the organization used GitHub to mirror its repos.
The SFC has added a Sign up on GitHub to its website and asks FOSS developers to voluntarily switch to another code hosting service.
“While we don’t require our existing member projects to relocate at this time, we will no longer accept new member projects that don’t have a long-term plan to migrate away from GitHub,” Gingerich and Kuhn said. “We will provide resources to support each of our member projects who choose to migrate and assist them where we can.”
GitHub claims to have approximately 83 million users and more than 200 million repositories, many of which are under an open source license. The cloud hosting service specifically promotes itself for open source development.
For the SFC, the break with GitHub was accelerated by: general availability from GitHub Copilot, an AI Coding Assistant tool. GitHub’s decision to release a for-profit product derived from FOSS code, the SFC said, is “too much to bear.”
Copilot, based on OpenAI’s Codex, presents code and features to developers as they work. It is able to do this because it is trained “on natural language text and source code from publicly available sources, including code in public repositories on GitHub,” according to GitHub.
Gingerich and Kuhn see that as a problem because Microsoft and GitHub haven’t provided answers about the copyright implications of training its AI system on public code, on why Copilot is trained on FOSS code but not copyrighted Windows code, and whether the company can specify any software licenses and copyright holders associated with code used in the training dataset.
Kuhn has written previously about his concerns that Copilot’s training poses legal risks and others have expressed similar concerns. Last week, Matthew Butterick, a designer, programmer and lawyer, published a blog post stating that he agrees with those who claim that Copilot is an engine for violating open source licenses.
“Copilot completely disconnects its input (= code under various open-source licenses) and its output (= code algorithmically produced by Copilot),” he wrote. “For example, after more than 20 years, Microsoft has finally produced what it falsely accused of being open source: an IP rights black hole.”
Arrogant, subtle, titled: ‘Toxic’ open source GitHub discussions explored
Such claims have not been settled and are unlikely to be settled until there are actual lawsuits and judgments. other lawyers Remark that GitHub’s Terms of Service grant the right to use hosted code to improve the service. And legal experts at Microsoft and GitHub certainly believe they are off the hook for licensing compliance, which they pass along for those who use Copilot to generate code.
“You are responsible for ensuring the security and quality of your code,” explains the Copilot documentation. “We recommend that you take the same precautions when using code generated by GitHub Copilot as you do when using code that you have not written yourself. These precautions include rigorous testing, IP scanning, and tracking for security vulnerabilities.”
Gingerich and Kuhn argue that GitHub’s behavior with Copilot and other areas is worse than its peers.
“We don’t believe that Amazon, Atlassian, GitLab, or any other for-profit hoster are perfect actors,” they said. “However, a relative comparison of GitHub’s behavior to that of its peers shows that GitHub’s behavior is much worse. GitHub also has a track record of ignoring, rejecting, and/or belittling community complaints about so many issues , that we should urge all FOSS developers to exit GitHub as soon as possible.”
Microsoft and GitHub did not immediately respond to a request for comment.