GitHub was purchased by Microsoft

There is a longer discussion on the topic over here: https://discourse.nixos.org/t/discourse-patch-submission-is-not-fit-for-purpose/4757

I feel a bit ashamed we are letting GitHub lock us in. It is an awful tool to use…

It’s really a shame that people that want to help NixOS are forced to give their data to Microsoft.

Could everyone please avoid this boogieman thing? It’s disrespectful to the intelligence of rest of the readers. Please explicitly present your problems with the current infrastructure and list the alternatives where the said problems do not occur. (And please do not bring up telemetry in an unrelated product, discussion of which is out of scope for this forum)

Hi,

Could everyone please avoid this boogieman thing?

Perhaps not anyone, apart from the tone, agree with your sentiment…

It’s disrespectful to the intelligence of rest of the readers.

It migth be mirrored inversed…

Please explicitly present your problems with the current
infrastructure and list the alternatives where the said problems
do not occur.

Well… My own personal “problem” is that since I do not have nor
I want to have a GitHub account I can’t contribute to Nix{,OS}. I
know in that sense some developers hear are willing to help, if I
send something here they’ll put on GitHub on my behalf etc but
while I thank them all in advance, also for their work on NixOS,
It’s not a sustainable thing. It can be ok for a casual simple
patch, nothing more.

And please do not bring up telemetry in an unrelated product,
discussion of which is out of scope for this forum

If this “forum” is a catch-all place for all NixOS user, I’m sorry
to say that such discussion are in scope e the fact that most of
the world do not care about them is not a justification to avoid
discussing. Most of the people in the world are poor, I bet no one
consider being poor a good thing, something to “not care about”.
There are tons of IT illiterate, again I imaging developers and
FOSS users in general do consider that negative, not positive or
out of discussion since this is the de facto situation.

GitHub, obeying to USA government sanction already cut out few
countries during the night in the recent past. It paying
customers from those country and few well known FOSS developers
were cut out without any previous alert. Most of Nix{,OS} devs
are not from affected countries, but it does not means that in
a not so far future some other countries will be added to the
list and so a part of community might be cut out as well.

In general a FOSS project MUST not relay on a single proprietary
service. A mailing list is a standard thing, if a vendor does not
perform well can be changed easily without particular issues. A
public hosting for git repos can also be changed with not much
effort, but develop using proprietary services can’t be changed
without a significant workflow change and probably a certain
history loss.

“The Cloud” is not the nature, are only someone else servers. It
it normal to depend on them since we (humans) do not have usable
distributed services, but depend on FOSS tools offered by someone
is a thing, depending on proprietary tools offered by a single
vendor is another. And the fact that developer so skilled tech
guys/gals do like to ignore or accept as “the normal” these days
is more than disturbing and alarming.

– Ingmar

These kind of generalizations are really dangerous to claim, I’d be careful before making them.

I don’t think any platform we pick will be fair, a better way than arguing on discourse is to setup an alternative system to help those that can’t use github and proxy them.

My question to you @xte is how much are you will to contribute to help these values? I see there’s plenty of things anyone could do to improve the status quo, but it’s much easier to cast morale onto others

The tragedies of the commons. One thing that is for sure in my mind is that we want to keep the main interaction on GitHub as it’s where most of the developers are at the moment. This might change in the future, just like SourceForge used to be the primary hosting solution.

Right now, I don’t see how it’s possible to be both on GitHub and another code hosting platform at the same time. It would require to divorce things like maintainer identities, which are quite central for @ mentions. But if somebody comes up with a credible alternative vision of how things could work, I am all for it. I think we can all agree that having some backup plan against GitHub is not a bad thing in itself.

Hi,

These kind of generalizations are really dangerous to claim, I’d be
careful before making them.

Anything that imply/procrastinate/describe a substantial change is
dangerous, but it’s part of the game of life

I don’t think any platform we pick will be fair

Sadly these days it’s probably true, at least to a certain extent,
but a note: I’m not against GitHub, or GitLab, or SourceHut, or
something else. I’m against of a certain use of them. Use as a
mere public repo mirror is IMO normal, good, it does not tie to
any service in particular, multiple mirror on multiple platforms
may exists. The issue is basing on them the development model, PRs,
pipelines etc are a potential threat, since there are not based on
standard FOSS tools anyone can host, so if GitHub can’t be used
anymore at a certain point in time, an workflow change and a
potential, partial history/“data” happen. Nothing more, nothing less.

I dislike profiling, but this is a “philosophical point”, impacting
human life not mere development. Depend on certain service on contrary
impact directly a project.

a better way than arguing on discourse is to setup an alternative
system to help those that can’t use github and proxy them.

Honestly I think it would be wasted time in the sense that GitHub,
like any other, is a service, those APIs might change suddenly at
any point in time, invest in a potentially not quick&simple tool,
witch can probably only be another service, is not much nice IMO.

My question to you @xte is how much are you will to contribute to help
these values? I see there’s plenty of things anyone could do to
improve the status quo, but it’s much easier to cast morale onto
others

If I can contribute suggesting and implement an alternative I’m
happy to as much as I can. But what I mean is something like
“how to being able to develop around standard tools”, like how
to setup a proper mailing list, a searchable archive, a issue
tracking system around it, all needed documentation to help anyone
entering the new system, even with little or no previous knowledge
of those tools etc.

For some issue I can’t contribute, like I can’t offer hosting for
a ML, an archive etc. My knowledge of Nix development is not enough
to going deep enough to describe a migration process, but I’m willing
to learn.

It will be a nice start, if there are a certain interest in Nix{,OS}
devs, to discuss how such “new system” might work. For instance
many FOSS project are developed with this model but they still have
a certain number of downside. For instance handling bugs with tools
like Gnus/debbugs are well… A bit of a nightmare. Develop something
new is NOT easy nor quick, but as long as there is now pressing
schedule why not, I can do something and it will be nice.

Propose an easy entry-barrier to a powerful MUA, also explaining why
is not only “the sole way to properly participate to a specific
project” but a nice and useful to know and have thing it’s also
challenging in an era where people want web services.

Craft them like a single package, complete with docs, demo video, etc
since this IMO is the sole possible way to succeed is also not that
quick, but that’s is. Is a thing I’m certainly willing to contribute.

And this is a simple start, after there probably be many specific
issues to address, the classic 90/10% rules…

So my answer how many are interested?

– Ingmar

I think it is good to be pragmatic about such things. GitHub offers a lot. Including:

• Most potential contributors are on GitHub. Far fewer people are on GitLab, let alone a project-specific forge.
• The Pull Request and Issue features seem to be working well for the project.
• GitHub is very actively developed and often adds new useful features.
• The management of the infrastructure is taken care of and seems to have good uptime.
• The current workflow is centered around GitHub.

Whereas the downsides brought forward seem to be hypotheticals:

• GitHub was acquired by Microsoft. But so far I haven’t seen any negative impact.
• Data collection. But it is not made clear what data collection GitHub is currently doing that is problematic.

Of course, it is completely valid to be principally against Microsoft. However, leaving GitHub for that reason would probably result a large loss of (potential) contributors to a small number of contributors that have strong enough objections to not have a GitHub account.

I am nearing my forties, so I love e-mail. But this discussion comes up often (e.g. in the context of SourceHut) – to many young people e-mail is basically dead or at least obsolete. The idea of sending and reviewing patches by e-mail is completely alien to them. I think most of my colleagues who have used git for years don’t even know that git format-patch or git send-email exist. To me that seems to be a passed station (at least as the main contribution mechanism for modern large projects).

Hi,

I think it is good to be pragmatic about such things. GitHub offers a
lot. Including:

• Most potential contributors are on GitHub. Far fewer people are on
  GitLab, let alone a project-specific forge.

Sincerely I’m not convinced: contributors are IMO users, so people who
already know Nix{,OS} and use it. Offering an easy way to participate
of course encourage and help and yes GitHub is well known to many, so
it help, but a simple package “install and start work with all you
need” can be even simpler and being “curious” for newcomers might be
also a boost of small potatoes contribution by curiosity.

Whereas the downsides brought forward seem to be hypotheticals:

• GitHub was acquired by Microsoft. But so far I haven’t seen any
  negative impact.

Oh I’m not disturbed by that, for me “You-name-it inc” or Google,
Microsoft or some other company make no difference. I do not even
care if the company behave openly and seems friendly or not, because
things might change, at any point in time. My point is about being a
proprietary service, no matter who hold it.

If is used as a simple “public repository” switch to another is a
matter of change remote URL, not much more, so not a real issue.
Use proprietary feature in their workflow on contrary is an issue
when something change.

• Data collection. But it is not made clear what data collection
  GitHub is currently doing that is problematic.

It’s not much a matter of “how much data collection cost” is not
an acceptable price IMO (and in that sense probably GitHub is
better than GitLab, it collect probably less).

Of course, it is completely valid to be principally against Microsoft.

Not my case, I’m against Microsoft model, non Microsoft as a single
company. I’m against using proprietary services even if they are from
Foo FOSS contributors ltd. It’s ok if such services are standard FOSS
tools so migration is easy, not otherwise. For the same reason I’m not
against GMail, as long as it’s IMAPs and SMTPs are usable without issue.
And in that sense I dislike GMail because of it’s non-standard IMAP,
but I dislike far more Proton or Tutanota because they do not offer
anything standard. For me they are not “good player” but trap awaiting
to trigger.

I am nearing my forties, so I love e-mail. But this discussion comes
up often (e.g. in the context of SourceHut) – to many young people
e-mail is basically dead or at least obsolete.

True and another good reason to teach them freedom. We need to teach
freedom especially in a world where universities do not teach it
anymore (almost).

The idea of sending and reviewing patches by e-mail is completely
alien to them.

And they are partially right since they do not know any good MUA,
with easy and reasonable defaults to use. Another reason for me
to push that model, with pre-coocked MUAs that can be used as
immediately as Claws or Thunderbird.

vendor-lockin, is not hypothetical
project data (e.g. issues) being in a golden, centralized cage is also not hypothetical.

• Most potential contributors are on GitHub. Far fewer people are on GitLab, let alone a project-specific forge.

Gitlab has «login with GitHub», for example. I kind of doubt that this hurdle would compare to the other parts of contribution learning curve (some fixable, some only theoretically fixable, some inherent)

• The Pull Request and Issue features seem to be working well for the project.

Single-tracker issues, everything-a-mess-of-labels instead proper issue status flows in real issue trackers, randomly collapsing the middle of discussion — that’s just what I can remember without starting to think. This leads to weird negotiations because people have more or less similar ideas of issue status meaning in a rich workflow but different mapping of it to Open-vs-Closed.

So no, PR&issue workflow is not specifically good. It is somewhat working, and any other issue tracker would work the same, and a real issue tracker would probably work better.

• GitHub is very actively developed and often adds new useful features.

… also changes API making stuff nullable without warning (happens right now)

(here open-ish development of the platform would at least give us heads-up; self-hosting is a completely different trade-off of course)

• The management of the infrastructure is taken care of and seems to have good uptime.

They are big and have gray failure, though — it is fine when some comments get lost for ten hours then suddenly appear all together with all the retries included; it is less fine when everything from some user disappears for a few days with zero idea what this was (has recently happenned)

• GitHub was acquired by Microsoft. But so far I haven’t seen any negative impact.

Microsoft even seems slightly less overreaching in interpretation of sanctions than other US companies, apparently.

On the other hand, abusing monopoly control to force ecosystem changes is something Microsoft does very efficiently, maybe even more efficiently than Google.

• Data collection. But it is not made clear what data collection GitHub is currently doing that is problematic.

… compared to what Bing would index in whatever public discussion platform Nixpkgs uses anyway. Here I complete agree with you, that this point needs concrete something to be discussed reasonably. If we talk about data collection, we should start with acknowledging how much details we publish (commit timestamps have seconds included, signing keys for commits will be public anyway etc.)

Of course, it is completely valid to be principally against Microsoft. However, leaving GitHub for that reason would probably result a large loss of (potential) contributors to a small number of contributors that have strong enough objections to not have a GitHub account.

To be fair, here we should also compare what is a worse outcome for us: a contributor not bothering to overcome the hurdle of logging in to another service, or the contributor coming and being frustrated with the wait necessary to get a package addition reviewed.

I am nearing my forties, so I love e-mail. But this discussion comes up often (e.g. in the context of SourceHut) – to many young people e-mail is basically dead or at least obsolete. The idea of sending and reviewing patches by e-mail is completely alien to them. I think most of my colleagues who have used git for years don’t even know that git format-patch or git send-email exist. To me that seems to be a passed station (at least as the main contribution mechanism for modern large projects).

We push people to use this esoteric thing or that (nix-review, and there is a chance of nixpkgs-fmt being recommended), so while we should have something web for viewing, the submission part of the patch doesn’t matter as much. One needs to learn git anyway, so if git does most of the work, it should be fine…

This post has now devolved into a soft flame war which was inevitable since it started with a baseless argument. That said, this keeps showing up on my front page and I’m bored so I’m going to be a bit inflammatory in the hope that this will accelerate it’s closure. Apologies to all decent people.

Here’s are the things that bother me because they are ironic- people who cannot format their regular emails properly without linebreaks (in this very thread) so that I can read on mobile, are the same people that are advocating switching to an email-only git service.

What also bothers me is that people that are prescient enough to know that someday Microsoft would lock github users in are advocating using Gitlab which isn’t open source in its entirety (public entirely, not OSDI approved “open” entirely) and which is backed by probably the biggest enemy of privacy- Google. Oh no, I don’t want Microsoft to know I changed the version = and hash = line in a .nix file, here let send this patch by GMAIL. And don’t get me started on Google. Android has parts which are fiercely closed source. Every last american company does OSS for PR. Only Stallman does it as a matter of ideals. Those who are in position to be blunt about it are blunt about it. Those who have to pretend to be nice pretend so. Since we knew on the day the deal was finalized that Github is now bad, how do we not know that Gitlab is bad?

It seems to me that on the day the deal was finalized, 17 people across the internet rushed to create a blog post about leaving Github for something better. Of them 9 didn’t even create a Gitlab account hoping someone else would do it for them and 4 deleted their Github accounts in acts of heroism, not waiting for SEC, European competition commission, China competition comission et al approval because that would have been less heroic. Now those 4 feel like fools because none of their fears have been realized (duh!) and just want company.

Here’s my question- what proprietary component of Github is nixpkgs currently using? Asking because the words “lock in”, “proprietary”, and MICRO$$$OFT are being thrown around willy-nilly. Code is in Git which is, I don’t know if it’s known, a tool/protocol for storing the entire history. Hence anybody can move out any time. Then there is PRs/issues, good only for historical context and can actually be exported out just fine. Yes there is some tooling around Github, tests et al but the major component is written without any Github assumptions. Its only the plumbing. And that’s a lock in because there are actually features there. You can’t get locked in if you don’t have features. What features does sr.ht provide? Drew hasn’t even managed to create a simple online discussion UI despite it not being in “conflict” with email based discussion, he’s a single person (worth 10 of OSS forum activists but still). Some day he would like to add a feature and then he will have to seek money. Stallman won’t be funding him. It would be someone who’d want return on their capital. And who dreams to be rich. And that guy would also hope to lock you in. Tomorrow if Gitlab decides to no longer publish any further changes, who’s going to maintain it? The same guy that refuses to create a throw-away email using Opera free VPN to create a Github account?

So everybody just hold your horses and let the actual calamity come. Don’t get too paranoid. There’s enough shortcomings with NixOS as it is. For 17 people’s paranoia, I’m not going to go to Gitlab’s interface and upload my ssh keys and create auth tokens. There are better things to do.

Btw, if somebody needs to get more upset about Microsoft, I just recently submitted a PR to update Powershell to 7.0 in nixpkgs.

Hi,

Here’s are the things that bother me because they are ironic- people
who cannot format their regular emails properly without linebreaks (in
this very thread) so that I can read on mobile, are the same people
that are advocating switching to an email-only git service.

Personally I know how to use F-F, but I dislike it. I consider mobile
usable only for:

• good PND (GMaps)

• quick see INBOX sometimes on the go, certainly not respond

• mild SMS usage if really needed

• casual news access when waiting for something on the go

• good enough camera to take casual photos

• quick web searches to find a phone number on the go

So I avoid by choice F-F. In flame terms I consider modern web and
mobile as an incredible Babel’s tower of crap and I hope it will
collaps as quick as possible.

What also bothers me is that people that are prescient enough to know
that someday Microsoft would lock github users in are advocating using
Gitlab which isn’t open source in its entirety (public entirely, not
OSDI approved “open” entirely) and which is backed by probably the
biggest enemy of privacy- Google.

Well… Did you lock you home door? Your car’s one? You know the real
chance of being robbed in most western world is not that high. So why
you waste time and money, insurances included, to protect yourself
against a not-that-likely event? Also why waste company money about
fire prevention? Fire in company’s buildings around the developed
world are damn rare! Why the hell DR plans? Geo-replication? What?
When was the last catastrophic event that blow up a local datacenter?
Why the hell ethernet cards do checksum on packed that are also
checksummed by other software in the upper OSI level? I can go further
as you wish. You already know the answer: because it might happen.

Oh no, I don’t want Microsoft to know I changed the version = and
hash = line in a .nix file, here let send this patch by GMAIL.

You probably ignore how widespread and powerful profiling/behavioral
analysis is these days. But anyway, here personally I do not talk
much about privacy but about guarantee of being able to operate with
enough safety behind.

Only Stallman does it as a matter of ideals.

When I was a student I think RMS is a symbol so it have to extreme
for he’s role. Having seen actual evolution I think he’s a moderate
and he do talk moderately about the bare minimum needed to avoid or
at least mitigate our social disaster.

Here’s my question- what proprietary component of Github is nixpkgs
currently using?

I respond with an answer: if I found a bug in NixOS (for instance
Anydesk is broken since few months, I’d like to look for a solution)
decide to work on that, solve and made a patch. How I can properly
submit it? Of course I can send a patch here (did few times ago, a
really stupid one about a nilfs2 issue) but this demand someone that
pick it up ad do work on GitHub on my behalf. Not a proper way. So
I can’t contribute. The shortest version is: Nixpkgs development does
not happen with git and a pseudo-mailing list but on GitHub platform
so the proprietary component is the platform itself.

Btw, if somebody needs to get more upset about Microsoft, I just
recently submitted a PR to update Powershell to 7.0 in nixpkgs.

Just for curiosity why you think that someone is against Microsoft
in particular like students from the mid-2000’s? Personally I’m
against proprietary lock-in, not caring who it the counterpart.

– Ingmar

Here’s my question- what proprietary component of Github is nixpkgs currently using?

Webhooks — necessary for ofborg integration, impossible to include in a self-contained CI, change from time to time with no notice.

Code is in Git which is, I don’t know if it’s known, a tool/protocol for storing the entire history.

Actually not the entire history (given an average patch, the fact it was commited to staging is more valuable than the commit message which by our conventions summarises the things already obvious from the diff — this gets lost in most Git workflows), but what is not stored there is not available on Github either anyway…

(and nobody cares, so losing the issue discussion is probably fine anyway)

I don’t want to get involved in this thread, but I think there are two
things I have to say.

Here’s my question- what proprietary component of Github is nixpkgs
currently using?

I respond with an answer: if I found a bug in NixOS (for instance
Anydesk is broken since few months, I’d like to look for a solution)
decide to work on that, solve and made a patch. How I can properly
submit it? Of course I can send a patch here (did few times ago, a
really stupid one about a nilfs2 issue) but this demand someone that
pick it up ad do work on GitHub on my behalf. Not a proper way. So
I can’t contribute. The shortest version is: Nixpkgs development does
not happen with git and a pseudo-mailing list but on GitHub platform
so the proprietary component is the platform itself.

In what way is the proposed solution of using a throwaway email address
to create a github account not a solution? This way, github would have
literally nothing more about you than what would be public with the git
history anyway, wherever we host it.

I feel like you associate your refusal to use GitHub on philosophical
grounds with vendor lock-in. Another one’s refusal to use GitLab on
philosophical grounds (it’s software made by a company, not by a co-op,
so it’s the product of exploiting humans) would be just as legitimate as
yours, but would be no more vendor lock-in. And another one’s refusal to
use email (its security is awfully broken the way it’s currently
deployed on the internet) would still be as legitimate.

Just for curiosity why you think that someone is against Microsoft
in particular like students from the mid-2000’s? Personally I’m
against proprietary lock-in, not caring who it the counterpart.

If GitHub dies, we have (at least we should have, I know this has been
discussed at length but don’t know if the ones with the appropriate
rights actually did it) backups of the whole data it has. We write a
script that converts it to whatever new software, import it, done.

If we were on GitLab, and GitLab died, sure it’s OSS, so we could just…
have a backup and re-import it into another GitLab instance. We spared
ourselves the “write a script that converts the data” step. But if
GitLab dies, then I don’t have even remote hope that the software will
keep being maintained by the community. So we’d have to eventually
switch to gogs or gitea or something like that. And then… well, the same
thing happens.

There is vendor lock-in iff we don’t have our own backups of the
data. Whether the hosted service we use is proprietary or not doesn’t
change anything, we have the data, or we don’t.

I only asked if there is a way to contribute my personal time and brain-capacity to the development of Nixpkgs without GitHub, (for example by providing the option to use a mailing list to submit patches ), I’m not even asking or enforcing anyone to ditch GitHub, I was only asking to another option, another channel to contribute.
And look at this discussion? Yes, I’m one of those four ‘fools’, thank you very much.

(And no, I don’t have a Gmail account, for obvious reasons)

Disclaimer: I’m not speaking as a representative of Microsoft, but I currently work at Microsoft.

Microsoft’s main focus for new revenue is selling public cloud services. You can see that this https://azure.microsoft.com/en-us/blog/announcing-azure-pipelines-with-unlimited-ci-cd-minutes-for-open-source/ was announce shortly after the purchase. In this case, github gets an “official” CI platform, and Microsoft has another way for companies to be introduced or use their cloud services.

Speaking as someone who has rolled out cloud services, you do want to collect usage telemetry, it enables you to make decisions about future direction of your product or service. The difference being, the metrics are aggregated; and usage about a particular user is lost (There are also legal restrictions about what is collected, such as GDPR). However, this is nothing special about Microsoft, most online services collect some telemetry on service usage.

As @SRGOM mentioned, the data inside nixpkgs · GitHub is relatively benign, and we are not maintaining any sensitive information on contributors, users, or customers(if we had them). Most of your attribution is to a github account, so you should be able to create a “throw-away” account that is registered to a “throw-away” email, and not have to worry about it. Is this ideal? no. Is it pragmatic for all the other services and benefits nix gets? absolutely.

If you are super concerned about privacy, you should be doing everything you can to anonymize yourself regardless of the workflow.

Any one workflow will inconvenience someone. With all of the other problems plaguing nixpkgs, I think going down the path of usability with GitHub was a good one. For every person that was turned away because of GitHub, I suspect that many more found it easier to contribute because it was on a familiar platform.

Hi,

what nilfs2 issue did you have and what patch did you send?

At that time nilfs2 was not build with libmount support, that
stop the cleaner daemon to work, I do not find much apart of

– Ingmar

Hi,

In what way is the proposed solution of using a throwaway email address
to create a github account not a solution? This way, github would have
literally nothing more about you than what would be public with the git
history anyway, wherever we host it.

For me it respect my desire to be out of GitHub, but that’s not the
issue in discussion. The point is Nix{,OS} dependency on GitHub or
to be more precise on certain services it offer that are not based
on common tools so not easy to port elsewhere, at list not in a
quick and simple fashion…

I feel like you associate your refusal to use GitHub on philosophical
grounds with vendor lock-in.

Well, yes, also philosophical but also more “practical” doing the
game of what happen if GitHub should be abandoned for whatever
reason at a certain point in time, perhaps suddenly?

Another one’s refusal to use GitLab on philosophical grounds (it’s
software made by a company, not by a co-op, so it’s the product of
exploiting humans)

For me is: if is a product of a company, not FOSS, with a community
around big and engaged enough to substitute the company if needed is
an unsafe software. Companies got sold, change advise, fails, it’s
normal, but as long as is possible to choose something that is rooted
on something more safe, like an interested community it’s better go
that way. I’m not against “companies” I need as anyone money to eat
and I do not find them in my garden, but in my vision software must
not be nor a service nor a product, It’s normal to “sell” developers
time and experience, hardware, but not more. Like is not acceptable
to have public universities behind private companies in term of
research and knowledge. A free market, in the liberist model does
not work for all in the long run, a regulated model might work and
choose the right mix is critical.

If I’m relatively tied to a vendor for a ML/mail service it’s ok, I
always can change without having to modify more than few URLs. This
because mails are standard free software tools and I have many
vendor to choose from. A proprietary service with proprietary tools
is an issue. A stupid example: whatsapp let you export your chat.
But what you can do with such export? If I change my mail hoster my
addresses/aliases remain the same, so my MUA with tags, saved
searches etc. I only have to wait a bit for the domain transfer and
a little upload time to push my maildirs on new system. With WA if
for instance I’m forced to migrate to another chat software I might
need to write down quickly a software than mangle WA exports to
being able to import them back, a new UI etc. It’s not a light
change. And well… It might be seen a “philosophical issue” but
in my view is a practical one, despite for now we do not see such
issue widespread.

And another one’s refusal to use email (its security is awfully broken
the way it’s currently deployed on the internet) would still be as
legitimate.

Since contribution are about a FOSS project… Well anything in them is
actually public so… The plus of emails is simply that they are text,
and a free well-known tools, it have accumulated many issues, that’s
sure. But is still text, something easy to manipulate and is not a
single vendor project.

If GitHub dies, we have (at least we should have, I know this has been
discussed at length but don’t know if the ones with the appropriate
rights actually did it) backups of the whole data it has. We write a
script that converts it to whatever new software, import it, done.

Did you try to figure it out, for instance with a little toy POC to
migrate from GitHub, PR, wiki, pipelines, … to another hoster with
a different offer? Passing the sources is certainly easy, export PRs
and wiki might be less easy, change pipelines might be manual…

– Ingmar

I only asked if there is a way to contribute my personal time and brain-capacity to the development of Nixpkgs without GitHub, (for example by providing the option to use a mailing list to submit patches ), I’m not even asking or enforcing anyone to ditch GitHub, I was only asking to another option, another channel to contribute.

I think that one thing you could do might be to host a mailing list and
relay the patches posted there to the mailing list to GitHub –
hopefully using a single GitHub account with a throwaway email for all
the patches anonymously provided there would alleviate your personal
privacy concerns? Anyway, someone has to monitor this mailing list, and
I’m not sure anyone else would be volunteering for that while there’s
already so much to do with what comes through GitHub.