844
China is attempting to mirror the entire GitHub over to their own servers, users report
(infosec.exchange)
This is a most excellent place for technology news and articles.
That's the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
How will they filter it out? If they just don't mirror anything with 'forbidden' terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they'll end up breaking a load of stuff that relies on consistent git hashes.
I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.
The "effort economy" is hugely in favor of the mirroring side
Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It's barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.
That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Apparently they aren't respecting licenses. It's possible to have source code publicly available on GH but have it not be truly FOSS. But that's generally not a great idea since you're effectively relying on the honour system for people not to take your code.
Until it isn't. Perhaps they are preparing for a future war with the US and assume their access to all that code will be blocked. They want to copy it now while they have access.
Good point.
The real solution is to include a few
tiananmenSquare
variables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.It's a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamen
folder.China filters every byte of Internet traffic in and out of the country.
It seems naive to think they can't accomplish the same thing for a GitHub mirror.
They're not supposed to, it's just about blocking them from using the software :)
So... You're saying instead of "main", "app", or "core", we should change the convention to make tiananmenSquare the entry point for apps?
Or maybe make it the filename for utils, so it'll just break
For example.
But honestly I was more joking. The thing that makes most projects useful is the developers developing it, and they can't clone that