GitHub: Difference between revisions

Line 11:

==Consumer impact summary==

~~{{Ph-C-CIS}}~~

*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with [[Artificial intelligence|AI]].<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>

*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with AI.<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>

*'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source and proprietary.

*'''Market control:''' GH is the platform that hosts the most important repositories in the world.{{Citation needed|reason=or is it?|date=2026-05-11}} It's the standard-de-facto for hosting and managing source-code, often overshadowing platforms such as [[wikipedia:Codeberg|Codeberg]] and [[wikipedia:GitLab|GitLab]].

*'''Reliability:''' ever since Microsoft acquired it, GH's uptime has degraded.<ref>https://damrnelson.github.io/github-historical-uptime/</ref> There have been multiple incidents (elaborated in the next section), such as Git-history corruption and security vulnerabilities. They've apologized and plan to improve the situation.<ref>https://github.blog/news-insights/company-news/an-update-on-github-availability/</ref>

==Incidents==

Line 30:

Line 31:

When creating a new account on the platform, GH restricts the use of emails from certain domains, such as to disallow the usage of {{Wplink|email alias|email aliases}}. Which a user might use to preserve their privacy.

===~~More info~~===

===Buggy merge queue (2026, April)===

[https://~~giveupgithub~~.~~org~~/ "~~Give Up GitHub~~"]

On April 23, 2026, [[wikipedia:Distributed_version_control#Pull_requests|pull-requests]] (PRs) merged via merge-queue using the squash merge method produced incorrect merge commits when the merge group contained more than one PR. In affected cases, changes from previously merged PRs and prior commits were inadvertently reverted by subsequent merges.<ref>https://www.githubstatus.com/incidents/zsg1lk7w13cf</ref><ref>https://trunk.io/blog/what-happens-if-a-merge-queue-builds-on-the-wrong-commit</ref>

=== RCE via <code>git push</code> (2026, March) ===

A [[wikipedia:Arbitrary_code_execution|remote code execution vulnerability]] was found that allowed abusing <code>git push</code> commands to read and write data to any  repository hosted by GH, including ''private'' ones.<ref>https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854</ref> GH fixed this bug quickly after it was reported to them.

==Products==

==~~See also~~==

*Enterprise

~~{{Ph-C-SA}}~~

*Copilot

==External links==

*[https://giveupgithub.org/ "Give Up GitHub"]

==References==

@@ Line 11: / Line 11: @@
 ==Consumer impact summary==
-{{Ph-C-CIS}}
+*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with [[Artificial intelligence|AI]].<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>
-*'''Privacy:''' GH is owned by [[Microsoft]], raising questions about data usage. GH has recently engaged in aggressive Copilot integration.<ref>https://github.com/features/copilot ([https://megalodon.jp/2026-0326-0304-56/https://github.com:443/features/copilot Archived])</ref> Many projects such as the Gentoo Linux project, have left GH due to the privacy and security concerns associated with AI.<ref> https://itsfoss.com/news/gentoo-github-switch-begins/ ([https://megalodon.jp/2026-0326-0305-45/https://itsfoss.com:443/news/gentoo-github-switch-begins/ Archived])</ref><ref> https://www.linuxjournal.com/content/gentoo-charts-new-path-moving-away-github-toward-codeberg ([https://megalodon.jp/2026-0326-0306-04/https://www.linuxjournal.com:443/content/gentoo-charts-new-path-moving-away-github-toward-codeberg Archived])</ref><ref>{{Cite web |last=Kelley |first=Andrew |date=2025-11-26 |title=Migrating from GitHub to Codeberg |url=https://ziglang.org/news/migrating-from-github-to-codeberg/ |url-status=live |archive-url=https://web.archive.org/web/20260303052544/https://ziglang.org/news/migrating-from-github-to-codeberg |archive-date=2026-03-03 |access-date=2026-03-16 |website=⚡ Zig Programming Language}}</ref>
 *'''Transparency:''' While some tools like [https://cli.github.com/ the <code>gh</code> CLI] are open-source,<ref>{{Cite web |date=3 Oct 2019 |title=GitHub’s official command line tool (source Git repository) |url=https://github.com/cli/cli |url-status=live |access-date=16 Sep 2025 |website=GitHub |archive-url=http://web.archive.org/web/20260128035607/https://github.com/cli/cli |archive-date=28 Jan 2026}}</ref> the platform itself is closed-source and proprietary.
+*'''Market control:''' GH is the platform that hosts the most important repositories in the world.{{Citation needed|reason=or is it?|date=2026-05-11}} It's the standard-de-facto for hosting and managing source-code, often overshadowing platforms such as [[wikipedia:Codeberg|Codeberg]] and [[wikipedia:GitLab|GitLab]].
+*'''Reliability:''' ever since Microsoft acquired it, GH's uptime has degraded.<ref>https://damrnelson.github.io/github-historical-uptime/</ref> There have been multiple incidents (elaborated in the next section), such as Git-history corruption and security vulnerabilities. They've apologized and plan to improve the situation.<ref>https://github.blog/news-insights/company-news/an-update-on-github-availability/</ref>
 ==Incidents==
@@ Line 30: / Line 31: @@
 When creating a new account on the platform, GH restricts the use of emails from certain domains, such as to disallow the usage of {{Wplink|email alias|email aliases}}. Which a user might use to preserve their privacy.
-===More info===
+===Buggy merge queue (2026, April)===
-[https://giveupgithub.org/ "Give Up GitHub"]
+On April 23, 2026, [[wikipedia:Distributed_version_control#Pull_requests|pull-requests]] (PRs) merged via merge-queue using the squash merge method produced incorrect merge commits when the merge group contained more than one PR. In affected cases, changes from previously merged PRs and prior commits were inadvertently reverted by subsequent merges.<ref>https://www.githubstatus.com/incidents/zsg1lk7w13cf</ref><ref>https://trunk.io/blog/what-happens-if-a-merge-queue-builds-on-the-wrong-commit</ref>
+=== RCE via <code>git push</code> (2026, March) ===
+A [[wikipedia:Arbitrary_code_execution|remote code execution vulnerability]] was found that allowed abusing <code>git push</code> commands to read and write data to any <!-- not quite "any", it's more nuanced --> repository hosted by GH, including ''private'' ones.<ref>https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854</ref> GH fixed this bug quickly after it was reported to them.
 ==Products==
 {{Ph-C-P}}
-==See also==
+*Enterprise
-{{Ph-C-SA}}
+*Copilot
+==External links==
+*[https://giveupgithub.org/ "Give Up GitHub"]
 ==References==