GitHub, a company used and trusted by the thousands of open-source projects whose reach and impact serves as the framework for modern technological society, has died. Tomorrow, Microsoft GitHub will be born, and thousands of open-source projects will lose a home.
Some of the world’s most important open-source projects—projects that build the very world you interact with every day—are hosted and propagated through GitHub. When a suggestion to change that software is made, it happens on GitHub. When a bug is fixed or a feature is added, it happens on GitHub. Developers building applications use package managers which, in many cases, utterly depend on GitHub.
And yet even more chilling is that the infrastructure underlying the core code management and review of cryptocurrencies around the world, in most cases, lie nowhere other than in
GitHub Microsoft GitHub.
As I read this to myself, I say, why? Why have we trusted GitHub with so much of modern open-source infrastructure? The answer, is, of course: we really like GitHub. And we trust it. They’ve been good to us. We don’t think of acquisitions, or if we do, we hope it’s precisely not one that would impede on what we love so much about it.
Today, many privacy and security oriented applications distribute their code and releases through GitHub, treating the entity as an independent middleman who is potentially less swayed by political influence. Cryptocurrency wallets which run in the web use GitHub to vouch for the integrity of their application in your browser: This website runs directly from compiled code hosted on GitHub. And as much as I don't want to, even I feel a small oozing of relief when I read that. I say, cool, yeah, I know how GitHub pages works, and this wallet is definitely being run directly from the source code I see, and the source code everyone else sees.
Decentralization is all in the name of removing trust in any entity (precisely for this reason), but in GitHub, we all foolishly saw a friend. We needed the ease-of-use software so we can focus on the other hard part of software. And—you won’t screw us over, right GitHub? You’ll…you’ll tell us if any shady business is happening with you and any political entity, right GitHub? Needless to say, the benefit of the doubt was collectively granted to them, and open-source prospered for it.
Today, open-source projects who rely on a dependable middleman to host and deploy software will need to ask themselves: am I ok trusting Microsoft to be that person?
This is of course not to neglect the business aspect of keeping a company as heavy as GitHub up and running. If not Microsoft, perhaps GitHub will have struggled to remain afloat and slowly began to wither through the course of the next several years? I don’t know. What is distinctly clear, however, is the sour taste I feel bubbling in my throat when I struggle to say, let alone think: A large part of the technology underlying modern software applications is now being distributed through Microsoft.
Even I have to start asking myself: am I ok having downloads for a privacy-focused note-taking app coming from Microsoft? ... No. I am, to my dismay at the avalanche of technical debt to come, not ok with it.