Consumer Rights Wiki

GitHub: Difference between revisions

← Older edit
VisualWikitext
Rudxain (talk | contribs)
confirmed, superconfirmed
1,004 edits
use initialism, because there's too many occurrences of "GitHub"
Rudxain (talk | contribs)
confirmed, superconfirmed
1,004 edits
old incident: restricting accounts of "foreign" users
 
(8 intermediate revisions by 3 users not shown)
Line 6: Line 6:
|Type=Subsidiary
|Type=Subsidiary
|Website=https://www.github.com
|Website=https://www.github.com
}}
|Industry=Developer platform}}
'''GitHub''' (GH) is a proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GH itself provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GH has been a subsidiary of [[Microsoft]] since 2018.
 
'''{{Wplink|Github}}''' (GH) is a proprietary developer platform that allows developers to create, store, manage, and share their code. It uses {{Wplink|Git}} to provide distributed version control and GH itself provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GH has been a subsidiary of [[Microsoft]] since 2018.


==Consumer impact summary==
==Consumer impact summary==
{{Ph-C-CIS}}
*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with [[Artificial intelligence|AI]].<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>
*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with AI.<ref> https://itsfoss.com/news/gentoo-github-switch-begins/</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>


*'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source and proprietary.
*'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source.
*'''Market control:''' GH is the platform that hosts the most important repositories in the world.{{Citation needed|reason=or is it?|date=2026-05-11}} It's the standard-de-facto for hosting and managing source-code, often overshadowing platforms such as [[wikipedia:Codeberg|Codeberg]] and [[wikipedia:GitLab|GitLab]].
*'''Reliability:''' ever since Microsoft acquired it, GH's [[wikipedia:Uptime|uptime]] has degraded.<ref>https://damrnelson.github.io/github-historical-uptime/</ref> Projects such as [https://ghostty.org/ Ghostty] have left GH because of this.<ref>https://mitchellh.com/writing/ghostty-leaving-github</ref> There have been multiple incidents (elaborated in the next section), such as Git-history corruption and security vulnerabilities. GH has apologized and they plan to improve the situation.<ref>https://github.blog/news-insights/company-news/an-update-on-github-availability/</ref>


==Incidents==
==Incidents==
=== Restricting accounts of "foreign" users (2019) ===
Due to trade sanctions from U.S.A., GH began restricting and even suspending accounts of any user who logged in from an affected country.<ref>https://github.com/tkashkin/GameHub/issues/289</ref>


===Questions about data usage (2024-present)===
===Questions about data usage (2024-present)===
Line 23: Line 28:


===Planned fees for self-hosted Action runners (2025-present)===
===Planned fees for self-hosted Action runners (2025-present)===
In December 2025, GH announced a new $0.002 per minute "cloud platform charge" for developers using self-hosted GH Actions runners on private repositories. It was due to take effect on March 1 2026, but seems to be postponed indefinitely. <ref>{{Cite web|title=Coming soon: simpler pricing and a better experience for GitHub Actions|website=GitHub|url=https://github.blog/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/}}</ref>
In December 2025, GH announced a new $0.002 per minute "cloud platform charge" for developers using self-hosted GH Actions runners on private repositories. It was due to take effect on March 1 2026, but seems to be postponed indefinitely. <ref>{{Cite web |title=Coming soon: simpler pricing and a better experience for GitHub Actions |url=https://github.blog/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/ |url-status=live |archive-url=https://megalodon.jp/2026-0326-0307-06/https://github.blog:443/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/ |archive-date=25 Mar 2026 |website=GitHub}}</ref>


===Whitelisting of e-mail domains on new accounts===
===Whitelisting of email domains on new accounts===
[[File:GitHub email unverified.png|thumb|GH restricting the domains of emails you can use to create an account on their site, effectively blocking the use of email aliases to protect your privacy]]
[[File:GitHub email unverified.png|thumb|GH restricting the domains of emails you can use to create an account on their site, effectively blocking the use of email aliases to protect your privacy]]
Upon creating a new GH account, GH restricts the use of certain domains. This often occurs upon the attempt to use an e-mail alias (a unique e-mail address that hides your true address, allowing you to disable incoming e-mails from spammers and advertisers. This disables the use of e-mail aliases and puts the users' privacy at risk.
When creating a new account on the platform, GH restricts the use of emails from certain domains, such as to disallow the usage of {{Wplink|email alias|email aliases}}. Which a user might use to preserve their privacy.


===More info===
===Buggy merge queue (2026, April)===
[https://giveupgithub.org/ "Give Up GitHub"]
On April 23, 2026, [[wikipedia:Distributed_version_control#Pull_requests|pull-requests]] (PRs) merged via merge-queue using the squash merge method produced incorrect merge commits when the merge group contained more than one PR. In affected cases, changes from previously merged PRs and prior commits were inadvertently reverted by subsequent merges.<ref>https://www.githubstatus.com/incidents/zsg1lk7w13cf</ref><ref>https://trunk.io/blog/what-happens-if-a-merge-queue-builds-on-the-wrong-commit</ref>
 
===RCE via <code>git push</code>===
A [[wikipedia:Arbitrary_code_execution|remote code execution vulnerability]] was found that allowed abusing <code>git push</code> commands to read and write data to any <!-- not quite "any", it's more nuanced --> repository hosted by GH, including ''private'' ones.<ref>https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854</ref> GH fixed this bug quickly after it was reported to them.


==Products==
==Products==
{{Ph-C-P}}
{{Ph-C-P}}


==See also==
*Enterprise
{{Ph-C-SA}}
*Copilot
 
==External links==
 
*[https://giveupgithub.org/ "Give Up GitHub"]


==References==
==References==
Retrieved from "https://consumerrights.wiki/w/GitHub"