Why not GitHub?

Tom Ryder, 27 Oct 2017
Last updated 12 October 2019

I host all my own code on my cgit instance. I do have an account on GitHub, but only because it’s a requirement to contribute to certain projects and even to log into some websites. I avoid using the account where possible, and I don’t host code on it anymore since June 2016.

The primary reason I host code on my own domain is a practical one: I can retain control over its location via URI redirects if it needs to move, including redirects to another site if necessary.

However, I also dislike the tacit acceptance of GitHub as the dominant free software hosting platform for a decentralised version control protocol, when it is itself centralised, proprietary, for-profit, closed-source, and politically active. These things make it vulnerable to the same issues and abuse that affected SourceForge. I feel that the free software and open source communities turn a blind eye to this massive liability.

Regardless of your position on individual cases, the fact that so much controversy results from any censorship activity from GitHub should be considered a warning sign that too much depends on their service. Some examples:

The issue here is not political correctness, it’s centralisation. If GitHub were not in this monopolistic position, nobody would care so much about any of the above. The overwhelming monopoly that GitHub has as a code host is a problem that the free software community chooses to ignore.

Rules of acquisition

GitHub has investors who do not care a whit for free software principles, and eventually the company will get acquired—maybe tomorrow, maybe next year—and as we all know, money changes everything.

Don’t leave your project’s nerve center—its primary address, its means of contribution, its issue tracker, its website, its primary documentation, its continuous integration, everything—in a way you can’t redirect!—at the mercy of people who merely want a return on their investment, and do not care about the principles of a minority of angry nerds.

Using Git does not require GitHub!

If you are managing a free software project, please do not host it on GitHub, or at least allow a method of contributing that does not depend on using it or any other proprietary code hosting platform:

Formatting and sending patches:
Use git-send-email(1). The manual page even has instructions for using it with Gmail. Using this method, you don’t need to host the code at all.
Pull requests:
Host your own repositories—it’s really easy—and point maintainers to them with git-request-pull(1).
Web frontend:
Use the superb cgit, or gitweb(1), which is included in the Git source. Both are straightforward to configure for any CGI-capable webserver.

Other options include a self-hosted GitLab, Gogs, Gerrit, or Gitea instance. More ambitious or puritan sysadmins might choose to self-host Drew DeVault’s stellar sr.ht system, which implements a much wider range of GitHub’s features, for an “integrated development hosting” environment.

There are some more good reasons not to use GitHub or its ilk discussed here:

Update—June 2018

Since this page was published, Microsoft has acquired GitHub, and there’s been a small exodus to third-party hosting on GitLab, proving as a community we still aren’t really learning our lesson about third-party code hosting. That said, at least the core software for GitLab is open source, so it’s a marginal improvement, but we could be doing so much better.

If you’re reading this because you’re angry about the acquisition and pondering a move to GitLab, I advise you instead to take the plunge and self-host your code repositories, even if you use the resource-hungry GitLab to do it. It is not as hard as you think, and once done, this problem will never bite you again.

Update—July 2019—1/2

Dave Lane explains in detail why the “Microsoft Loves Linux” slogan is so empty.

Update—July 2019—2/2

GitHub is blocking users from Crimea, Iran, and other places. For developers dependent on it as a service for their projects, this has been crippling, in yet another vindication for the decentralized design of Git that GitHub and other third-party hosting sites have so callously butchered.

Update—September 2019

Hello, visitors from lobste.rs! Thank you for your discussion and critique. I’ve added mention of the excellent-looking Gogs, Gerritt, and Gitea, and adjusted some wording for accuracy and clarity.

To emphasise: nothing in this essay is intended as praise or criticism specifically of social justice, advocacy for protected groups, censorship, United States foreign policy, or its effect on GitHub specifically—they have to follow the law, like anyone else. The focus here is on centralisation onto a commercial service, running proprietary code, subject to the laws of a single country, that already has a monopoly on code hosting for free and open source software, and the free software community’s wilfully ignoring the issues therewith.

Update—October 2019—1/2

The GitHub section of the GNU Ethical Repository Criteria now links to this page. Thank you, GNU!

Update—October 2019—2/2

It’s become more widely known that GitHub had a contract with United States Immigrations and Customs Enforcement (ICE), an ethical hot-topic at present after similar disputes with config management software Chef. Again, the issue here is not whether this is good or bad, it’s that you’re handing GitHub power over your work, while they may be using their proprietary software to political ends that you find repugnant, and refusing you the right to fork and apply their code in the way that suits you, the user. Avoiding these sorts of problems is the entire basis of Freedom 0.