Github users are worried that a restriction on repository-level code searches on the platform—which now require a login—is a blow against the open-source software movement, as well as a data grab by Github parent company Microsoft.
Repositories on Github are codebases that developers use to store their projects and can include folders, files, images, datasets, or any sort of assets necessary for the project to function, as well as code. Public repositories can encourage and facilitate collaboration by allowing outside developers to review the project and version history, as well as contribute their own code or “fork” the repository, i.e. create a copy of the project and modify it for their own purposes.
But all that is coming under threat, users say, with the new login requirement by Github to search the repositories. Even worse, some users are accusing Microsoft, which bought Github for $7.5 billion worth of its own stock in 2018, of putting the login requirement into place to scrape even more data from its users.
“This is revolting and an anathema to the open-source movement. A movement, I might add, Microsoft is abusing here,” posted user koepnick on the Github community forum on Sunday.
“[W]hat possible reason is there?!” asked koepnick. “Do you NOT have enough of our data? Is it not enough to monetize every bowel movement, you now feel the need to track which individual lines of code I’m browsing?”
They went on to say that they’d no longer be creating new projects on GitHub, not least because they want people to be able to search their codebase.
“I want them to be useful to the public,” koepnick wrote. “Anybody reading this needs to realize something: Every time you create something new here, future audiences will only be able to search your code after bending the knee to Microsoft.”
Github came under criticism last year after some developers accused Copilot, the company’s AI code-writing assistant tool, of reusing chunks of their code without any attribution.
Martin Woodward, Github’s VP of Developer Relations replied to the Github community thread and claimed that the new repository search login requirement was just an extension of a previous policy that required logins for somse searching.
“This is primarily to ensure we can support the load for developers on GitHub and help protect the servers from being overwhelmed by anonymous requests from bots etc.,” he wrote.
But not everybody bought that this was the reason.
“It’s naive to think that login requirement will stop any dedicated bot operator,” wrote one user.
“Surely there are other ways to limit bots, like adding a rate limit and if that’s reached, then requiring CAPTCHA or login?” asked another user. “It’s a constant source of nuisance when browsing in private/incognito mode.”
Instead, they echoed the concern that the policy was a move against open-source coding.
“Microsoft is closing the door on open source. Who woulda thought that could happen. Oh right,” wrote one.
Other users questioned the idea that it was actually a move against open-source.
“As an Enterprise Customer we needed better search which required this level of security,” wrote one user. “Granted it could have been made optional but given that AI models of our code are being used for major new Co-Pilot features security had to be heavily considered.”
But one user doubted that such a measure was really necessary for security.
“Google can search the entire Internet, hosted on other people’s computers, in an instant, with no throttling, and no logging in …. [b]ut Microsoft can’t manage to allow anonymous unthrottled searching on a miniscule FRACTION of the web on their OWN SERVERS?
“If your technical reasoning is true, it’s an indictment of Microsoft’s technical capabilities.”