GitHub’s danger is that it is centralized, not that it is closed source. For example, npm is already open source and Microsoft owning it is still a threat to the ecosystem via their ability to control the software and decide what goes in and what does not.
Microsoft could open source GitHub and it wouldn’t make one bit of difference to their strategy, as it would not pose any danger to GitHub’s defaultness.
Gitea implementing a federated mentions model, plus easy cross-instance linking and federated notifications, plus one-click $5/mo hosted instances on a bring-your-own-domain model would, however.
I am beginning to think we need something along the lines of go modules for the javascript world. Cryptographically assured via merkle hash root, fetchable from any url with a standard protocol, and a public caching proxy. Go got it right, rubygems/pypi/npm most assuredly did not. (To be fair, go modules were designed latest of all of the members of that list, giving them the benefit of hindsight.)
Maybe yarn can go this route ifwhen npm breaks fetch for non-first party tools.
I wonder what would be involved in forking npm (the hosted package repository, not the cli tool).
Centralization is indeed a danger, but so is being proprietary. It would show some good will or otherwise willingness to avoid temptation if Microsoft freed the GitHub codebase even while staying centralized.
Freeing the code is a check-and-balance issue. It doesn't remove their core power, but it provides more of an escape hatch if they abuse the power. Sure, people could go to GitLab, but (A) if GitHub gets strong enough, they could hurt GitLab's business and progress and (B) it's a much more trivial move for a project to switch from Microsoft GitHub to an alternate GitHub host.
In other words, the easier it is for people to leave, the more incentive Microsoft has not to abuse people too much.
If we were going to go for the most ethical and trustworthy directions, it would probably be stuff like Fossil or SourceHut.
Microsoft could open source GitHub and it wouldn’t make one bit of difference to their strategy, as it would not pose any danger to GitHub’s defaultness.
Gitea implementing a federated mentions model, plus easy cross-instance linking and federated notifications, plus one-click $5/mo hosted instances on a bring-your-own-domain model would, however.
I am beginning to think we need something along the lines of go modules for the javascript world. Cryptographically assured via merkle hash root, fetchable from any url with a standard protocol, and a public caching proxy. Go got it right, rubygems/pypi/npm most assuredly did not. (To be fair, go modules were designed latest of all of the members of that list, giving them the benefit of hindsight.)
Maybe yarn can go this route ifwhen npm breaks fetch for non-first party tools.
I wonder what would be involved in forking npm (the hosted package repository, not the cli tool).