GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.
It is being reported that many users’ repository are being cloned and re-hosted on GitCode without explicit authorization.
There is also a thread on Ycombinator (archived link)
That’s the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It’s barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.
That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Until it isn’t. Perhaps they are preparing for a future war with the US and assume their access to all that code will be blocked. They want to copy it now while they have access.
Apparently they aren’t respecting licenses. It’s possible to have source code publicly available on GH but have it not be truly FOSS. But that’s generally not a great idea since you’re effectively relying on the honour system for people not to take your code.
The real solution is to include a few
tiananmenSquare
variables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.So… You’re saying instead of “main”, “app”, or “core”, we should change the convention to make tiananmenSquare the entry point for apps?
Or maybe make it the filename for utils, so it’ll just break
It’s a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamen
folder.China filters every byte of Internet traffic in and out of the country.
It seems naive to think they can’t accomplish the same thing for a GitHub mirror.
They’re not supposed to, it’s just about blocking them from using the software :)
How will they filter it out? If they just don’t mirror anything with ‘forbidden’ terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they’ll end up breaking a load of stuff that relies on consistent git hashes.
I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.
The “effort economy” is hugely in favor of the mirroring side