Still (@still@infosec.exchange)
infosec.exchange
Attached: 3 images tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it. Apparently China now has their own GitHub/public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "重庆开源共创科技有限公司". It is being reported that many users' repository are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing.

GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.

It is being reported that many users’ repository are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)

  • Tramort@programming.devEnglish
    632·
    5 months ago

    That’s the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.

    • Morphit @feddit.ukEnglish
      501·
      5 months ago

      How will they filter it out? If they just don’t mirror anything with ‘forbidden’ terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they’ll end up breaking a load of stuff that relies on consistent git hashes.

      • jorp@lemmy.worldEnglish
        14·
        5 months ago

        I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.

        The “effort economy” is hugely in favor of the mirroring side

    • bionicjoey@lemmy.caEnglish
      19·
      5 months ago

      Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It’s barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.

      • jaybone@lemmy.worldEnglish
        3·
        5 months ago

        That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.

        • bionicjoey@lemmy.caEnglish
          3·
          5 months ago

          Apparently they aren’t respecting licenses. It’s possible to have source code publicly available on GH but have it not be truly FOSS. But that’s generally not a great idea since you’re effectively relying on the honour system for people not to take your code.

    • Azzu@lemm.eeEnglish
      191·
      5 months ago

      The real solution is to include a few tiananmenSquare variables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.

      • BeigeAgenda@lemmy.caEnglish
        8·
        5 months ago

        It’s a new coding paradigm, I will take some time getting used to looking for libraries in the uyghur/tianamen folder.

      • Tramort@programming.devEnglish
        1·
        5 months ago

        China filters every byte of Internet traffic in and out of the country.

        It seems naive to think they can’t accomplish the same thing for a GitHub mirror.

        • Azzu@lemm.eeEnglish
          1·
          5 months ago

          They’re not supposed to, it’s just about blocking them from using the software :)