How GitHub monopoly is destroying the open source ecosystem
93 points by toastal
https://mako.cc/writing/hill-free_tools.html <- it was true when it was written in 2010 and it hasn't gotten any less true since.
There is also the sad case of many newcomers thinking Git = GitHub. I mean, makes sense right, just a shortened way to say it? I have lost count of how many times I have had to explain the difference.
I was at a class that taught git (it was not the focus of the class, but it was part of a "proper" compsci degree), and we actually weren't taught git init! When time came to create our own repository, we were instructed to do it through GitHub, and then clone it. When talking to one of the students later on, he thought that's the only way to create a new repo.
Mind you, this was not a "bare minimum" class - it covered most typical stuff like merges, rebases, bisecting, etc.
There was a Mastodon post yesterday with someone asking which of the F/OSS GitHub clones the poster should use for a self-hosted git repository. It turned out that they just wanted to host the repository, they didn't need any of the web bits. An account that they had ssh access to on their server was fine. They were very happy to learn this and it made me wonder how you could become sufficiently confident in git that you wanted to do that without knowing that it was an option.
I'm slowly trying to move out of GitHub. I'm now setting up a shared Linux VPS and doing old school bare repos + gitweb. I was tackling backups, but I realized probably git clone --mirror + git pull cron is the most efficient way to do it.
I'm trying to set this up in a documented/reproducible way. Probably adding some "easy mode" documentation to send email patches and similar information.
Surprisingly, I think there's relatively little documentation on how to do things this way, because everyone assumes that you need a fancy forge.
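A sketch of the bare-mirror backup described in the comment above, added here as an example and not part of the original thread; the function names and the cron path are hypothetical. It refreshes with `git fetch` rather than `git pull`, since a mirror is a bare repository with no working tree to pull into, and runs `git fsck` so a damaged backup is noticed before it is needed.

```shell
#!/bin/sh
# Added example: keep a bare mirror of a repository as a backup.
# Hypothetical cron entry (path is an assumption):
#   17 * * * * /usr/local/bin/mirror-sync.sh ssh://host/srv/git/proj.git /backup/proj.git

# mirror_sync SRC_URL DEST_DIR
# Creates DEST_DIR as a mirror on first run, refreshes it on later runs.
# Returns 1 if the clone/fetch fails, 2 if the integrity check fails.
mirror_sync() {
    src=$1
    dest=$2
    if [ -d "$dest" ]; then
        # --mirror set the refspec to +refs/*:refs/*, so every branch,
        # tag and note is updated; --prune drops refs deleted upstream.
        git -C "$dest" fetch --quiet --prune origin || return 1
    else
        git clone --quiet --mirror "$src" "$dest" || return 1
    fi
    # Verify object connectivity and checksums in the backup copy.
    git -C "$dest" fsck --no-dangling >/dev/null 2>&1 || return 2
    return 0
}

# mirror_head DEST_DIR BRANCH
# Prints the commit id the mirror currently holds for BRANCH.
mirror_head() {
    git -C "$1" rev-parse --verify --quiet "refs/heads/$2"
}

# Run directly as: mirror-sync.sh SRC_URL DEST_DIR
if [ "$#" -eq 2 ]; then
    mirror_sync "$1" "$2"
fi
```

Because the mirror refspec force-updates and prunes, a deleted branch or rewritten history upstream is copied into the backup as well; periodic snapshots of the mirror directory cover that case.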
There’s also this: https://github.com/charmbracelet/soft-serve which gives you a nice-ish frontend to git
My manager at my previous job said Git when he meant GitHub constantly and it drove me insane.
I once tried to explain the difference through analogy: git != github just like how gmail != email...it did not go as I planned.
I think the uptime/reliability argument against GitHub is undercut by Codeberg's own not-so-great uptime figures. As of just now, they're not even at two 9s of uptime. As bad as GitHub's reliability (and capricious limiting) can be, they're nowhere close to that unreliable. I hope that changes in the future, but that alone keeps me away from Codeberg for the time being.
Codeberg has seen unprecedented growth specifically because Github has been pushing reviled features with no way to opt out and people are flocking to Codeberg as an escape. Back in the days when Github was growing as people escaped Sourcehut, their downtime was pretty bad too.
You won't see an argument from me about reviled features. But I think the circumstances versus GitHub's original rise are pretty different: Sourceforge wasn't exactly super stable either at the time, and the expectations around what a forge provides have also broadened significantly (e.g. providing CI/CD, project management features beyond a basic issue tracker). In other words, we have higher expectations than we did when GitHub was getting started, which means that Codeberg must clear a higher bar to be considered a "default" selection.
Codeberg must clear a higher bar to be considered a "default" selection
Considered by whom? I mean, sure, you can speak for yourself, but for me, Github has gotten so bad that I'm willing to put up with much worse inconvenience than what we're seeing from Codeberg in order to be free from that hellhole.
I think the median person getting into open source has a lower tolerance for DIYing things that the major network-effect service gives them for free. This isn't a value judgement on my part.
(The context here is the post in the OP, where the audience is students being introduced to OSS development.)
I would like to live in a world where we don't consider anything the default option. Replacing GitHub with Codeberg is missing the point.
This, a 100 times. The problem is that even if Codeberg is a better default (being nonprofit, somewhat by the people, for the people so less chance of enshittification), if people have this lazy "let's use the default" attitude, it may still get replaced by something worse when that becomes more popular.
It's really time people started to make more values-oriented choices. I had a blog post planned for this, but I haven't been able to form a convincing, coherent argument around it. Instead, I just published this weak alternative. At least it's coherent...
Can you spell the point? I can think of a number of different problems from:
In other words, we have higher expectations than we did when GitHub was getting started, which means that Codeberg must clear a higher bar to be considered a "default" selection.
hm, not sure about that. When GitHub started, it was considered a more lean and lightweight alternative, offering only the bare git repo and browsing via the web. Remember also that CI/CD originally wasn't even offered by GitHub - most people just integrated Travis CI via a badge in their README. Meanwhile, SourceForge had loads of features that GitHub didn't have, like mailing lists(!), wikis and IIRC also forums and even PHP-enabled website hosting with a MySQL database. It also had an extensive categorization system which allowed discovery of projects.
Of course, when people were moving away from it, SourceForge only offered CVS, AFAIK they only started offering Git way (waay) later. And it had loads of ads and a brief period where it served malware...
Personally, I find GitHub and GitLab too bloated and slow, packed with shitty AI features and integrations nobody ever asked for, so there's certainly space for a simpler alternative.
Huh, I thought SourceForge had been a reasonably early adopter of svn but apparently they were cvs only until 2006 (says datamation) a few years later than I guessed!
Yeah, I remember having to go to Berlios to get svn hosting as a (somewhat) early adopter in the early zeroes. By the time GitHub came on the scene, there were other svn hosters, but SourceForge was definitely a laggard in that respect! I also think this is a big reason GitHub got so big - it came at exactly the right time. There was no clear winner in svn hosting, and svn still had major issues like db corruption and missing merge tracking, git was still new enough that people didn't know it that well and there were no other git forges to speak of. So what do you do when you want to try this newfangled git thing? You use GitHub. And what do you do when you want to get away from buggy svn and arcane CVS? Right, you use Git. That's also how the two became synonymous. Darcs, Monotone etc are just footnotes, possibly due to the fame of Linus Torvalds being behind git, but also because of GitHub (it really was quite good in the beginning).
Well they have an 8hr/week scheduled downtime, so 95% is their promised uptime. They are at 98%(4hrs/week) right now, so they are beating their promise. It would be nice if their promised uptime was higher, but I think if they can stay funded, they will get there.
I find it obscene comparing uptime figures of a pro bono association to that of a billion-dollar for-profit AI corporation.
I find it important to resist the eat-the-world logic but be vulnerable and accept downtime in case. Find other mitigation strategies. Do mirrors. Or keep away, as you already do.
It's not a value judgement. I think the brute reality is that most people only switch when the alternatives reach parity. This is simultaneously OSS's biggest strength and weakness.
yes, neither should be mine. Codeberg doesn't make an uptime claim AFAIK, so it's only fair to curb expectations in that regard. They're a completely different, non-corporate, more community-like approach. Surely not for everybody.
But git being polycentral as it is, you're free to set up mirrors. At least for code that's dead simple and starts with storage+ssh: https://blog.mro.name/2024/10/scaling-infrastructure/#ssh
P.S.: github is far sub-par in my priority matrix.
This seems like a good point for mirroring—even as little as a self-hosting a bare mirror—rather than an argument against Codeberg. The fact that folks think one copy is good enough is already a problem as all servers have downtime.
I'm fully guilty of being part of the problem. I still create repos on Github. My goal for 2026 is to convert some of those to read-only, and place them on Codeberg, Sourcehut, or Tangled.
Tangled (https://tangled.org/) is a really interesting one that I'd encourage anyone to play with if they're interested in alternate forges. Stacked PRs, coupled with jj, are delightful.
I'd urge you to consider the long-term effects of your choice, or you might find yourself a part of the problem again in the future. Codeberg is a non-profit, Tangled and Sourcehut don't seem to be...
I understand where you're coming from, and agree with the principle. I however find no moral or social quandary in supporting indie businesses (Drew DeVault/Sourcehut) and will do so when our interests are aligned. If/when I find myself part of a problem, I will do my best to rectify it, as I plan to do now.
They're absolutely correct, but also weird time to be saying that given that Github is less of a monopoly now than it has been any time since... idk, 2015 or whenever it was that Bitbucket started getting really shitty. Codeberg and to a lesser extent Gitlab and Sourcehut are very appealing alternatives. And with Forgejo finally seeming pretty reasonable and socially-stable unlike any of its predecessors, self-hosting is very easy as well.
Well, I find some other things true; it's not like the European Union is exactly the bastion of freedom and hope. They have all kinds of crap going on that closely mirrors, in different ways, what we do here in the States. I do agree though that centralization is a bad thing. I would say that any monopoly, regardless of whether it's American, European, Russian, or Chinese, etc., is a bad idea.
You're right, of course, but all currently existing big tech monopolies are US based. If Europe/Russia held the same position as the US that would also be bad - but they do not.
A recent change in December seems to be the github rate limit for github issues/PRs/descriptions appears to be set to 0. I can't view them logged out on my home internet connection ever.
I'd actually been slowly moving back to Github away from Gitlab as the public host for my projects last year, but this has triggered me to consider other options, like making Codeberg the "primary" repository for public stuff (private stuff is hosted on a private Forgejo instance these days)
Oh, it's not just me? I get rate limited a lot, but only on my phone (Firefox mobile). I've never seen the message on computers, even on the same network. Though I'm usually, but not always, logged in on computers...
Someone needs to spin up a forgejo instance and start attacking the commercial use case with a well run service. That's where github gets their money and if businesses start leaving github will correct their behavior.
I mean that is kinda what Codeberg has successfully done in the more philosophically-minded free software enthusiasts not wanting to join Savannah. Alternatively, ditching Git is a surefire way to automatically be in a different operating sphere.
I thought codeberg didn't allow proprietary projects on it.
I’m more demonstrating that it can be done successfully with a cohort. That said, if building proprietary software, you might be better off self-hosting your VCS server/mirror rather than relying on some central server for sundry reasons.
I bet most organisations could run their own git / cgit / gitlab instance without having to rely on external organisations and would get a better service.
I'm all for people getting off github, but suggesting gitlab as an alternative is counter-productive, because it's buggy as hell and a resource hog. People start looking at github alternatives and see how bad gitlab is, and they quickly give up and go back to gitlab, whereas if they had looked a little further, they would have much better chances of being satisfied.
I think the biggest problem for self-hosted forgejo instances (or what-have-yous) is discoverability. It is easier to find projects on a centralized website than on a hundred self-hosted instances.
Maybe federated software forge can be the answer?
Federated forges are being worked on at Forgejo. I think it’ll be another year or so before it’s somewhat ready, if I remember correctly.
They have said this for years now at this point (2018? 2019?). I’m skeptical it will get there considering Tangled (by no means an endorsement) got something off the ground & ForgeFed is still in talks. Is there something wrong with ActivityPub for this use case? It would be nice since ATProto’s ties to Bluesky & cost to run nodes is high, but what has even happened on that front? Should we consider a different federated protocol?
Email. And learning to use git in the command line.
That’s exactly how the Linux kernel is developed and every project on Sourcehut.
It does exactly that but is not shiny and needs some learning first.
The thread started with:
... discoverability. It is easier to find projects on a centralized website than on a hundred self-hosted instances.
About finding projects, web search engines are the way. (Although searching Kagi for "soju irc" as a random example has the GitHub mirror and the previous SourceHut repo before the official Codeberg one :).
We went from the web to centralized app stores, and now even software projects are in centralized stores.
(There was Freshmeat, which is currently a redirect to SourceForge :(... I think there are a few similar services, but I think all of them are crap?)
web search engines are the way
Web search engines haven't been the way for years. Web search has gotten worse over time and will continue to do so with the advent of "AI." Github search remains useful, mostly because of advanced technology such as quoting search terms and "AND NOT".
There are two conflicting requirements:
The first of these wants centralisation or federation. The second wants a central moderation team. If it's trivial for spammers to create a new federated instance and make up spam accounts, even if they're caught quickly, that's not ideal.
Before, the answer was Freshmeat; nowadays, maybe Repology (although it is true that neither covers the long tail)
I note that in the early days of the internet, the norm was for institutions (like MIT) to provide storage and infrastructure for their students and faculty. Making things (like gcc) publicly available by ftp and later http was a natural part of open academia (and, to a lesser extent, early tech companies like the one I worked at).
Sad but unsurprising that we choose to give over freedom and autonomy in favour of convenience... but people have been warning us the entire time.
I think I comprehend the concerns raised in this article, and it's worth thinking deeply about, IMHO. Personally, I've also had to deal with those annoying HTTP 429 status codes (for apparently no reason).
(not promoting): There are OSS projects that are self-hosted by the organizations or communities that develop them. An example I've contributed to is MediaWiki, which is hosted outside GitHub (it's self-hosted on Wikimedia Gerrit, where development and contributions take place). I find this helpful in this context, and there are many such projects.
To add, maybe something the teacher can do (like an exercise) is to find a way for students to curate a list of OSS projects (small, medium, or large) that are not hosted on GitHub, then use that list to assign students to these projects. The popular projects that are already hosted on GitHub can be used too (and rotated year on year). The non-GitHub list can be updated regularly as more discoveries are made. But in general, I think decentralization is worth considering based on the problem the teacher is facing.
What puzzles me is how so many OSS projects are hosted by a non-open-source project. GitHub is not open source, right? :)
My 2 cents!