Github and _why

I’m about to get very nasty responses but this absolutely is a very bad
situation.

Github nor anyone else has no business whatsoever touching one single
byte
of data that _why deleted from his account. This would be an absolutely
ridiculous precedent to set and in complete violation of their privacy
policy which clearly says Github has no rights to any data stored on
their
servers.

I appreciate the loss of a lot of valuable information can be viewed as
a
great loss to the community - but that doesn’t give anyone the right to
break down a door and take what they please because they fear they won’t
be
able to access it anymore.

Should we just stop at Github or go after the people that hosted his
domains
as well?

Any snapshots or such that don’t run afoul of any copyrights noted are
perfectly fair game - but to break into a deleted repository and take
what
you please is just atrocious behaviour on every one’s part.

John W Higgins

On Fri, Aug 21, 2009 at 9:38 AM, John W Higgins[email protected]
wrote:

Github nor anyone else has no business whatsoever touching one single byte
of data that _why deleted from his account. This would be an absolutely
ridiculous precedent to set and in complete violation of their privacy
policy which clearly says Github has no rights to any data stored on their
servers.

What are you talking about?

Ben

On Fri, Aug 21, 2009 at 9:43 AM, Ben B. [email protected]
wrote:

http://support.github.com/discussions/repos/1191-_why-is-missing-seeking-help-from-github-to-reconstruct

On Fri, Aug 21, 2009 at 9:45 AM, John W Higgins[email protected]
wrote:

http://support.github.com/discussions/repos/1191-_why-is-missing-seeking-help-from-github-to-reconstruct

Perhaps that link would have been useful in your original post.

While I do think that it’s kind of a dick move to not respect _why’s
deletion of his repos, I think your arguments here are flawed. It’s
not a violation of privacy to publish open source code. It’s no
different than those of us who had local repos republishing them.
This is the nature of open source software… it lives on even after
the original creator goes away.

Ben

On Fri, Aug 21, 2009 at 10:38 AM, John W Higgins [email protected]
wrote:

Github nor anyone else has no business whatsoever touching one single byte
of data that _why deleted from his account. This would be an absolutely
ridiculous precedent to set and in complete violation of their privacy
policy which clearly says Github has no rights to any data stored on their
servers.

Do concepts like open source and distributed source control escape you?
It
may be that _why has moved on, but his source code will live on without
him.

On Fri, Aug 21, 2009 at 10:05 AM, Tony A. [email protected] wrote:

Do concepts like open source and distributed source control escape you? It
may be that _why has moved on, but his source code will live on without
him.

You apparantly chose to not read the entire message.

“Any snapshots or such that don’t run afoul of any copyrights noted are
perfectly fair game - but to break into a deleted repository and take
what
you please is just atrocious behaviour on every one’s part.”

I get the concept - I just don’t think you get to break down my door
because
I stopped giving access to the code. Are you saying that open source
means
that if I had code on a server that I controlled in a data center that
the
community has rights to break into the data center and take backup
drives
because I stopped giving access to it? I’ve never said that open source
code
can’t be promogated in any way people want - it just doesn’t give folks
the
right to break into things to get access once I’ve taken it down.

If I’ve misunderstood some concept on Github or some other notion that’s
fine - I just wish Github would say that we have no control over
anything
once it lands there and that’s that. People need to be able to make
choices.
Just because I open source something doesn’t mean I’m going to give
access
to it forever. It means (at least to me) that people are allowed to copy
and
do as they please - but not abuse my resources/accounts or to override
decisions I make in terms of availability of something.

John

2009/8/21 John W Higgins [email protected]:

their

can’t be promogated in any way people want - it just doesn’t give folks the
right to break into things to get access once I’ve taken it down.

If I’ve misunderstood some concept on Github or some other notion that’s
fine - I just wish Github would say that we have no control over anything
once it lands there and that’s that. People need to be able to make choices.
Just because I open source something doesn’t mean I’m going to give access
to it forever. It means (at least to me) that people are allowed to copy and
do as they please - but not abuse my resources/accounts or to override
decisions I make in terms of availability of something.

Well, I guess you are missing something. When you opensource your
code you give anybody the right to copy your code, even the owner of
a server on which you uploaded the code yourself.

It’s still opensource even if it is a backup of a project you deleted.
This may be different for other data related to the project but an
opensource repository is clearly free to copy and upload as much as
anybody wishes. That’s the right you have explicitly given by making
your code opensource. The right stands even if you later change your
mind. That’s the advantage of opensource code - once you get it you
get to keep and share it as much as you want.

And I do not see how anyone is breaking into anything when someone
sifts through their own pile of backup tapes.

Thanks

Michal

My apologies to everyone - apparantly I’ve missed the boat completely on
this one.

Please have a great weekend everyone

John

On 21.08.2009 19:05, Tony A. wrote:

On Fri, Aug 21, 2009 at 10:38 AM, John W Higgins [email protected] wrote:

Github nor anyone else has no business whatsoever touching one single byte
of data that _why deleted from his account. This would be an absolutely
ridiculous precedent to set and in complete violation of their privacy
policy which clearly says Github has no rights to any data stored on their
servers.

Do concepts like open source and distributed source control escape you? It
may be that _why has moved on, but his source code will live on without him.

That’s not the point. John’s point is - and I fully subscribe to it -
that convenience arguments are not allowed to break contracts: /if/ the
terms of operation of github (that everybody subscribes to) prohibit
access to account data after it has been willfully deleted by the
account owner then nobody must try to recover them only to prevent the
inconvenience that the community needs to resort to forks or other
copies of the material.

If people fight for their freedom of information and mistrust Google for
actually or allegedly abusing user data then it is a bad idea to call
for violation of rules if it serves their convenience.

It seems indeed that github’s terms prevent access after account
deletion:

Cancellation and Termination

1. You are solely responsible for properly canceling your account.

An email or phone request to cancel your account is not considered
cancellation. You can cancel your account at any time by clicking on the
Account link in the global navigation bar at the top of the screen. The
Account screen provides a simple no questions asked cancellation link.

2. All of your Content will be immediately deleted from the Service

upon cancellation. This information can not be recovered once your
account is cancelled.

http://github.com/site/terms

Data Storage

Logical Awesome uses third party vendors and hosting partners to provide
the necessary hardware, software, networking, storage, and related
technology required to run GitHub. Although Logical Awesome owns the
code, databases, and all rights to the GitHub application, you retain
all rights to your data.

http://github.com/site/privacy

Kind regards

robert

On Fri, Aug 21, 2009 at 12:13 PM, John W Higgins[email protected]
wrote:

I get the concept

It’s pretty clear you don’t.

I just don’t think you get to break down my door because
I stopped giving access to the code.

No doors are being broken down. Making copies of backup files
available for access (again) doesn’t make the original versions go
away. The guy wasn’t giving his actual files away even before this
happened, he was giving away copies of the files, copies that were
licensed with rights to redistribute no less.

Making a copy of a file doesn’t make anyone lose the original version
like your broken door analogy implies. This is very different than
someone stealing your coffee table… it can’t be copied like a file
can. The files were open source and they still are. This is how open
source works. This particular code certainly isn’t the first to be
resurrected from a no-longer-interested open source developer, and it
won’t be the last.

Honestly it’s just one guy, it’s not that big of a deal. I think the
chunky bacon stuff was fairly silly anyway, it’s certainly not how I
prefer to go about learning. And it’s not like there aren’t enough
smart people around to continue forward progress with the code if the
need exists.

For the life of me I can’t understand why any anyone even cares about
this. Wouldn’t you be more interested in discussing Rails3 or
something?

On Sat, 22 Aug 2009 01:45:26 +0900, John W Higgins wrote:

data stored on
their
servers.

What are you talking about?

http://support.github.com/discussions/repos/1191-_why-is-missing-
seeking-help-from-github-to-reconstruct

I think you may be overreacting, because it sounds like in addition to
some questions about what they can legally do about revealing the
contents of the delted account, most of the issues there are bugs in the
GitHub interface, and continuity issues that need a just a little bit of
GitHub’s help.

I just want to be clear as well at this point that I apparantly
misunderstood the original response to the Github support question and
they
never planned on recovering information from the account.

I just don’t want anything to think Github is doing something wrong here
(if
you ever thought they were possibly). I apparantly really messed this
one up
badly.

I can’t even blame not having had a morning coffee when I wrote the
email
because I don’t drink coffee.

John

2009/8/21 Robert K. [email protected]:

their
account data after it has been willfully deleted by the account owner then

http://github.com/site/terms

Data Storage

Logical Awesome uses third party vendors and hosting partners to provide the
necessary hardware, software, networking, storage, and related technology
required to run GitHub. Although Logical Awesome owns the code, databases,
and all rights to the GitHub application, you retain all rights to your
data.

Still if somebody has a branch of the project hosted on github the
repository of the deleted project is also a part of their project.

It is only a storage optimization to not clone the entire repository
each time a new fork/branch project is created.

To provide uninterrupted service to users who have such project on
github the repositories should not have been removed in the first
place.

Thanks

Michal

On Fri, 21 Aug 2009 12:52:45 -0500, John W Higgins wrote:

… because I don’t drink coffee.

John

There’s your problem
You have a good weekend as well.

cheers,

On 21 Aug 2009, at 18:45, Robert K. wrote:

on their
by the account owner then nobody must try to recover them only to
prevent the inconvenience that the community needs to resort to
forks or other copies of the material.

If people fight for their freedom of information and mistrust Google
for actually or allegedly abusing user data then it is a bad idea to
call for violation of rules if it serves their convenience.

Indeed the right to use and redistribute code as enshrined in Open
Source licenses has no bearing on the author’s right to dispose of the
original sources how they like. That’s the whole point of licensing
certain rights - it’s no limitation on the rights you don’t license.

Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net

raise ArgumentError unless @reality.responds_to? :reason

On Fri, Aug 21, 2009 at 1:45 PM, Robert
Klemme[email protected] wrote:

2. All of your Content will be immediately deleted from the Service upon
   cancellation. This information can not be recovered once your account is
   cancelled.

IANAL but…

First as I read this it seems to apply to termination of paid github
accounts.

Github has both paid and unpaid accounts. They provide free accounts
for open source projects. All git repositories for unpaid accounts are
publicly accessible.

Paid accounts can have both public and private repositories.

Now I don’t know if _why’s account was paid or not, but the
repositories in question were clearly public.

Getting back to those terms of service, I may be wrong, but it seems
clear to me that this is about giving github the right to delete data
from a paid account if and when the account holder wants to stop
paying for the account and cancel it. If you cancel YOU will lose
access to the data through that account, it’s not necessarily a
promise to delete the data immediately or even ever (see the third
point below) but a warning that it is a (likely) consequence of
canceling the account.

Second. Here is the license from the hpricot gem (which used to be on
github along with other stuff), I’d suspect that _why used a similar
license for all his stuff:

file COPYING

Copyright © 2006 why the lucky stiff

Permission is hereby granted, free of charge, to any person obtaining a
copy
of this software and associated documentation files (the “Software”), to
deal in the Software without restriction, including without limitation
the
rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or
sell copies of the Software, and to permit persons to whom the Software
is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included
in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

So as is typical of an open source license anyone who has a copy of
the code is free to “use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons
to whom the Software is
furnished to do so” as long as any such copies retain his copyright
AND the license.

The very purpose of this restriction is to ensure eternal availability
of the software no matter what the original author does.

The social contract of open source relies on the promise of perpetuity
of such a license grant.

Third

If you haven’t been using github you might not realize that it
actually consists of networks of repositories. It leverages the
distributed nature of git, and provides a “social network” repository
which has powerfully altered the open-source experience for those who
use it. Git (and github) encourages forking a repository by cloning
it in order to customize someone elses open source, and in many cases
to contribute back. Instead of submitting a patch to one of the
maintainers and hope that it gets accepted into the mainline, you can
have your own repo, make changes, and yes, submit patches (or pull
requests) to the maintainer. Even if your contributions aren’t
accepted, you can maintain your changes on a branch and keep it up to
date with the mainline because git makes this much easier that older
scm systems.

Now one of the features of the git architecture is that, rather than
keeping deltas between versions, it keeps the source code in
‘content-addressible’ files names with a sha hash of their contents.
This keeps the repository physically small because typically few files
change between any given commit and its parent, so there is a lot of
sharing of physical files between commits. This content
addressibility is also what makes exchanging/syncing distributed
versions of git repositories so easy.

I don’t know this for sure, but it’s quite possible that github
actually shares the files between different forks of a repository
which are on github.

In this case if an account is cancelled which has public repositories
which have been forked, the “data” couldn’t be simply deleted without
killing the forks. Instead, github would need to cut the ties between
the canceled account and the data, but not delete the data itself.

Think of it as a garbage collection problem, you don’t delete data
which has live references from ANY accounts repository.

And if it’s not the case, it’s clear that github wouldn’t intend the
cancelation clause to mean that OTHER users copies of the data in
forked repositories would be deleted underneath them.

I suspect that what really happened is that this might have been the
first time that an account with public repositories (or at least one
with such widespread interest) got cancelled, and exposed some bugs in
the ‘cut the ties’ code, or more likely in the github ui code which
allows you to navigate between forks.

But the bottom line is that preservation of the code is clearly
permitted by the very licenses under which _why originally published
them.

–
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale

On Sat, 22 Aug 2009, lith wrote:

What good would it be to conserve the original version that would
never be updated/improved?

“Those who do not remember history are doomed to repeat it”

Knowing how and why a software package has evolved over its existence
can
be quite important.

– Matt
It’s not what I know that counts.
It’s what I can remember in time to use.

But the bottom line is that preservation of the code is clearly
permitted by the very licenses under which _why originally published
them.

And as with every free software, anybody is free to publish a derived
version of the code under a different name.

What good would it be to conserve the original version that would
never be updated/improved?

Knowing how and why a software package has evolved over its existence can
be quite important.

When you clone a git repos, you always get the full history.