Follow

Other people can delete your forks on (including all changes you made!). STOP USING GITHUB NOW! Friends don’t let friends use GitHub! docs.github.com/en/github/buil

@js luckily there should be still your local repo if this happens to you

@js
I am sorry that this has happened to you.
@jr

@wend @jr It hasn’t yet, fortunately. But the possibility that it can is concerning.

@js but why should some1 block u without any reason?

@rbn93 Because they want to delete your fork? E.g. you forked because you disagreed with a decision and now they just delete your fork.

@rbn93 @js just got banned from an org for asking them not to be transphobic

@js What the fuck?!If a repository is public,why do they delete forks if the original author can't stand me?!It's my repository then and they shouldn't care at all.Github is such a piece of shit,seriously.I'm glad I stopped using it a long time ago.

@js Fuck GitHub, use GitLab (but not gitlab.com, PLEASE) instead.

@js Honestly, what GitLab needs is some sort of federation system, so it can grow like GitHub, without centralising everything.

@js Centralisation is inherently harmful to technology, so let's fight against it.

To start off, I propose adding ActivityPub support to GitLab, and shutting down the main instance.

Furthermore, I hope matrix.org shuts down in the end, too.

@js I still have a Github account, but it's only because of pure laziness on my part. To migrate off of Github would require not merely moving the repositories elsewhere, but also updating a whole bunch of links to my blog articles and so forth.

I tried self-hosting a Fossil repository, and within 3 weeks, the server was compromised and became a member of some botnet. So, I gave up on that idea; I just don't have the chops for maintaining a secure box anymore.

@js I don't understand the question?

This was a fresh VM install of Ubuntu 19.10 at Rackspace, with Fossil installed as a CGI handler, per their instructions on their wiki.

Beyond that, I don't know how it was compromised; only that it was attempting to dictionary-attack other servers on the hosting provider (which is how I found out about it; hosting provider complained) and mine bitcoin.

All of my passwords are 16 characters long minimum and picked randomly; weak passwords weren't an issue.

@vertigo that’s concerning :/. Hope it was not a bug in Fossil. Though I already did find a security bug in there.

@js I also managed to completely break chiselapp.com's Fossil by (accidentally!) importing a commit that included npm's package repository. It refuses to accept anything I push to it, and it gets my IP address wrong now. So, there's that too.

Note to everyone: make sure you don't commit a change that happens to include the node_modules subdirectory. You'll probably break your Fossil.

I'm saddened b/c I **really** like and want to use Fossil.

@vertigo Can you repro that? That would be interesting

@js I have not tried to repro out of fear that I'd ruin chiselapp.com somehow. (Chiselapp frequently is in a state of disrepair.)

@vertigo I mean if it’s Fossil you should be able to repro locally and use fossil ui?

@js I don't know how chiselapp is implemented on the backend. I haven't tried to repro locally.

@js dam, that's ridiculous. i usually create new repos for forks and leave a link in readme, but i did not expect that not doing so would let people censor and delete the work i've done that i might not have stored elsewhere

what's worse, it might not even be the repo author but anyone who gets access to their account

@js@chaos.social What a troll move would it be to block everyone on a huge repo and remove the block... results: no one is blocked an all fork repos are deleted.... everyone will use the original one from that point (and maybe it can make this nonsense more visible to the media)

@js well I guess if the ICE thing didn't do it, this will, holy shit
@js this is nuts... blocking interactions, sure, deleting forks? Removing attribution from commits? That's an absolute no-go

@reto Might even violate German and Swiss "authorship rights", depending on how they do it.

@js you don't have them if you contributed under the gplv3 iirc

@reto You do. They are rights that you have and cannot even give up.

@js I don't think so... That's pretty much why google makes you sign a copyright waiver and the gpl allows you to take the code and do whatever with it assuming you keep the gpl license... so you waive thise rights as well. Then again IANAL, and you probably aren't one as well 😉
@js It would boil down to a legal fight if the GPL makes you waive those rights or not as the gpl allows you to do anything under the license terms... and you as author explicitly granted them to all, as far as I am aware no one dragged this in front of the BGER

And we are still not lawyers and in a field where even professionals have contradicting views it may be better to be a bit cautious.

@reto Except - GPLv3 requires attribution. And even documenting changes.

@js hm? where? https://www.gnu.org/licenses/gpl-3.0.html only mentions that you must make sure to state that this is a derivative so that the work is not confused with the original, further you are allowed to supplement the license with additional clauses, attribution being a mentioned example. But it's not part of the standard clause if I understand this correctly

@reto Ugh, this is a bad medium for this

Unmodified distr: Need to keep all copyright notices (would be violated by removing attribution)
Modified distr: "a) The work must carry prominent notices stating that you modified it, and giving a relevant date." (GitHub would make you violate that)

Many consider the git history to be documenting changes with prominent notice + date.

So, it depends on how GitHub removes attribution.

@js true, not the best medium.

Mind you, I may very well be wrong but simply adding your name somewhere is not a copyright notice... I think this needs to be explicit. And the license just prohibits you from removing them... if git is not a copyright notice (and I argue it isn't) this doesn't apply.

As for >prominent notices stating that you modified it

that doesn't really apply either if you simply take git as a vcs and not a legal tool or does it... The kernel has signed-by which is considered the legal thingy, not the name in the commit header

@reto Signed-Off-By has a different reason. Many projects use a VCS to document changes as required by the GPL.

Sign in to participate in the conversation
chaos.social

chaos.social – a Fediverse instance for & by the Chaos community