Jump to content

GitHub: Difference between revisions

From Consumer Rights Wiki
← Older edit
VisualWikitext
Rudxain (talk | contribs)
confirmed, superconfirmed
955 edits
m link Uptime
 
(9 intermediate revisions by 3 users not shown)
Line 6: Line 6:
|Type=Subsidiary
|Type=Subsidiary
|Website=https://www.github.com
|Website=https://www.github.com
}}
|Industry=Developer platform}}
'''GitHub''' is a proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GitHub has been a subsidiary of [[Microsoft]] since 2018.
 
'''{{Wplink|Github}}''' (GH) is a proprietary developer platform that allows developers to create, store, manage, and share their code. It uses {{Wplink|Git}} to provide distributed version control and GH itself provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GH has been a subsidiary of [[Microsoft]] since 2018.


==Consumer impact summary==
==Consumer impact summary==
{{Ph-C-CIS}}
*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with [[Artificial intelligence|AI]].<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>
*'''Privacy:''' GitHub is owned by [[Microsoft]], raising questions about data usage. GitHub has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot</ref> Many projects such as the Gentoo Linux project, have left GitHub due to the privacy and security concerns associated with AI.<ref> https://itsfoss.com/news/gentoo-github-switch-begins/</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg</ref>


*'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source and proprietary.
*'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source.
*'''Market control:''' GH is the platform that hosts the most important repositories in the world.{{Citation needed|reason=or is it?|date=2026-05-11}} It's the standard-de-facto for hosting and managing source-code, often overshadowing platforms such as [[wikipedia:Codeberg|Codeberg]] and [[wikipedia:GitLab|GitLab]].
*'''Reliability:''' ever since Microsoft acquired it, GH's [[wikipedia:Uptime|uptime]] has degraded.<ref>https://damrnelson.github.io/github-historical-uptime/</ref> Projects such as [https://ghostty.org/ Ghostty] have left GH because of this.<ref>https://mitchellh.com/writing/ghostty-leaving-github</ref> There have been multiple incidents (elaborated in the next section), such as Git-history corruption and security vulnerabilities. GH has apologized and they plan to improve the situation.<ref>https://github.blog/news-insights/company-news/an-update-on-github-availability/</ref>


==Incidents==
==Incidents==


===Questions about data usage (2024-present)===
===Questions about data usage (2024-present)===
GitHub does not specifically tell you the data usage for AI with private repositories. This means that it might be using your data to train AI models by Microsoft like Copilot.<ref>{{Cite web |title=What specific data exactly will be send to Copilot? |url=https://github.com/orgs/community/discussions/59630 |access-date=7 September 2025 |website=GitHub |archive-url=http://web.archive.org/web/20250512172426/https://github.com/orgs/community/discussions/59630 |archive-date=12 May 2025}}</ref> Previously, Copilot exposed vital private repositories from big companies, raising even more concerns.<ref>{{Cite web |title=Copilot AI Exposes Private GitHub Code From Top Companies |url=https://digitalchew.com/2025/02/28/copilot-ai-exposes-private-github-code-from-top-companies/ |website=digitalchew.com |archive-url=http://web.archive.org/web/20250426141755/https://digitalchew.com/2025/02/28/copilot-ai-exposes-private-github-code-from-top-companies/ |archive-date=26 Apr 2025}}</ref>
GH does not specifically tell you the data usage for AI with private repositories. This means that it might be using your data to train AI models by Microsoft like Copilot.<ref>{{Cite web |title=What specific data exactly will be send to Copilot? |url=https://github.com/orgs/community/discussions/59630 |access-date=7 September 2025 |website=GitHub |archive-url=http://web.archive.org/web/20250512172426/https://github.com/orgs/community/discussions/59630 |archive-date=12 May 2025}}</ref> Previously, Copilot exposed vital private repositories from big companies, raising even more concerns.<ref>{{Cite web |title=Copilot AI Exposes Private GitHub Code From Top Companies |url=https://digitalchew.com/2025/02/28/copilot-ai-exposes-private-github-code-from-top-companies/ |website=digitalchew.com |archive-url=http://web.archive.org/web/20250426141755/https://digitalchew.com/2025/02/28/copilot-ai-exposes-private-github-code-from-top-companies/ |archive-date=26 Apr 2025}}</ref>


This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].


===Planned fees for self-hosted Action runners (2025-present)===
===Planned fees for self-hosted Action runners (2025-present)===
In December 2025, GitHub announced a new $0.002 per minute "cloud platform charge" for developers using self-hosted GitHub Actions runners on private repositories. It was due to take effect on March 1 2026, but seems to be postponed indefinitely. <ref>{{Cite web|title=Coming soon: simpler pricing and a better experience for GitHub Actions|website=GitHub|url=https://github.blog/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/}}</ref>
In December 2025, GH announced a new $0.002 per minute "cloud platform charge" for developers using self-hosted GH Actions runners on private repositories. It was due to take effect on March 1 2026, but seems to be postponed indefinitely. <ref>{{Cite web |title=Coming soon: simpler pricing and a better experience for GitHub Actions |url=https://github.blog/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/ |url-status=live |archive-url=https://megalodon.jp/2026-0326-0307-06/https://github.blog:443/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/ |archive-date=25 Mar 2026 |website=GitHub}}</ref>
 
===Whitelisting of email domains on new accounts===
[[File:GitHub email unverified.png|thumb|GH restricting the domains of emails you can use to create an account on their site, effectively blocking the use of email aliases to protect your privacy]]
When creating a new account on the platform, GH restricts the use of emails from certain domains, such as to disallow the usage of {{Wplink|email alias|email aliases}}. Which a user might use to preserve their privacy.


=== Whitelisting of e-mail domains on new accounts ===
===Buggy merge queue (2026, April)===
[[File:GitHub email unverified.png|thumb|GitHub Restricting the domains of emails you can use to create an account on their site, effectively blocking the use of email aliases to protect your privacy]]
On April 23, 2026, [[wikipedia:Distributed_version_control#Pull_requests|pull-requests]] (PRs) merged via merge-queue using the squash merge method produced incorrect merge commits when the merge group contained more than one PR. In affected cases, changes from previously merged PRs and prior commits were inadvertently reverted by subsequent merges.<ref>https://www.githubstatus.com/incidents/zsg1lk7w13cf</ref><ref>https://trunk.io/blog/what-happens-if-a-merge-queue-builds-on-the-wrong-commit</ref>
Upon creating a new GitHub account, GitHub restricts the use of certain domains. This often occurs upon the attempt to use an e-mail alias (a unique e-mail address that hides your true address, allowing you to disable incoming e-mails from spammers and advertisers. This disables the use of e-mail aliases and puts the users' privacy at risk.


===More info===
===RCE via <code>git push</code>===
[https://giveupgithub.org/ "Give Up GitHub"]
A [[wikipedia:Arbitrary_code_execution|remote code execution vulnerability]] was found that allowed abusing <code>git push</code> commands to read and write data to any <!-- not quite "any", it's more nuanced --> repository hosted by GH, including ''private'' ones.<ref>https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854</ref> GH fixed this bug quickly after it was reported to them.


==Products==
==Products==
{{Ph-C-P}}
{{Ph-C-P}}


==See also==
*Enterprise
{{Ph-C-SA}}
*Copilot
 
==External links==
 
*[https://giveupgithub.org/ "Give Up GitHub"]


==References==
==References==

Latest revision as of 02:37, 12 May 2026

⚠️This article has been marked as incomplete. Sourcing or verifiability needs additional work.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.
More info ▼

Articles must provide verifiable, credible evidence for their claims and avoid relying on forum posts, personal blogs, or other unverifiable sources. You can help by replacing weak citations with reputable reporting, corporate communications, receipts, repair logs, or independent investigative coverage that demonstrates the systemic relevance required by the Mission statement and Moderator Guidelines.

GitHub
Basic information
Founded 2008-02-08
Legal Structure Subsidiary
Industry Developer platform
Also known as
Official website https://www.github.com

Github (GH) is a proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GH itself provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GH has been a subsidiary of Microsoft since 2018.

Consumer impact summary

[edit | edit source]
  • Privacy: GH is owned by Microsoft, raising questions about data usage. GH has recently engaged in aggressive Copilot integration.[1] Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with AI.[2][3][4]
  • Transparency: While some tools like the gh CLI are open-source,[5] the platform itself is closed-source.
  • Market control: GH is the platform that hosts the most important repositories in the world.[citation needed - or is it? (2026-05-11)] It's the standard-de-facto for hosting and managing source-code, often overshadowing platforms such as Codeberg and GitLab.
  • Reliability: ever since Microsoft acquired it, GH's uptime has degraded.[6] Projects such as Ghostty have left GH because of this.[7] There have been multiple incidents (elaborated in the next section), such as Git-history corruption and security vulnerabilities. GH has apologized and they plan to improve the situation.[8]

Incidents

[edit | edit source]

Questions about data usage (2024-present)

[edit | edit source]

GH does not specifically tell you the data usage for AI with private repositories. This means that it might be using your data to train AI models by Microsoft like Copilot.[9] Previously, Copilot exposed vital private repositories from big companies, raising even more concerns.[10]

This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the GitHub category.

Planned fees for self-hosted Action runners (2025-present)

[edit | edit source]

In December 2025, GH announced a new $0.002 per minute "cloud platform charge" for developers using self-hosted GH Actions runners on private repositories. It was due to take effect on March 1 2026, but seems to be postponed indefinitely. [11]

Whitelisting of email domains on new accounts

[edit | edit source]
GH restricting the domains of emails you can use to create an account on their site, effectively blocking the use of email aliases to protect your privacy

When creating a new account on the platform, GH restricts the use of emails from certain domains, such as to disallow the usage of email aliases. Which a user might use to preserve their privacy.

Buggy merge queue (2026, April)

[edit | edit source]

On April 23, 2026, pull-requests (PRs) merged via merge-queue using the squash merge method produced incorrect merge commits when the merge group contained more than one PR. In affected cases, changes from previously merged PRs and prior commits were inadvertently reverted by subsequent merges.[12][13]

RCE via git push

[edit | edit source]

A remote code execution vulnerability was found that allowed abusing git push commands to read and write data to any repository hosted by GH, including private ones.[14] GH fixed this bug quickly after it was reported to them.

Products

[edit | edit source]

This is a list of the company's product lines with articles on this wiki.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


  • Enterprise
  • Copilot
[edit | edit source]

References

[edit | edit source]
  1. https://github.com/features/copilot (Archived)
  2. https://itsfoss.com/news/gentoo-github-switch-begins/ (Archived)
  3. https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg (Archived)
  4. Kelley, Andrew (2025-11-26). "Migrating from GitHub to Codeberg". ⚡ Zig Programming Language. Archived from the original on 2026-03-03. Retrieved 2026-03-16.
  5. "GitHub's official command line tool (source Git repository)". GitHub. 3 Oct 2019. Archived from the original on 28 Jan 2026. Retrieved 16 Sep 2025.
  6. https://damrnelson.github.io/github-historical-uptime/
  7. https://mitchellh.com/writing/ghostty-leaving-github
  8. https://github.blog/news-insights/company-news/an-update-on-github-availability/
  9. "What specific data exactly will be send to Copilot?". GitHub. Archived from the original on 12 May 2025. Retrieved 7 September 2025.
  10. "Copilot AI Exposes Private GitHub Code From Top Companies". digitalchew.com. Archived from the original on 26 Apr 2025.
  11. "Coming soon: simpler pricing and a better experience for GitHub Actions". GitHub. Archived from the original on 25 Mar 2026.
  12. https://www.githubstatus.com/incidents/zsg1lk7w13cf
  13. https://trunk.io/blog/what-happens-if-a-merge-queue-builds-on-the-wrong-commit
  14. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Retrieved from "https://consumerrights.wiki/index.php?title=GitHub&oldid=53380"