If you truly wish to avoid this kind of problems you should think about hosting your own platform rather than jumping to the next one. Just because the smaller players haven't done anything bad doesn't mean they wouldn't.
Gitea/Gitlab are crazy easy to set-up nowadays, especially with a fully working CI/CD setup (I use Gitea+Drone and I love it, Gitlab comes with its own)
Problem is that there are so many services that integrate with github directly that moving to other alternatives will also require moving/replacing those 3rd party services.
Is it possible to self host the code, but then automate syncing backups to public Github.
That way you can use 3rd party integrations, and be part of the Github ecosystem 99% of the time, but when they do something like this, you have an emergency place to work from?
Plenty of projects do this, hosting on their own infrastructure and syncing one way to a R/O repo on github for those who find that for some reason easier to access. A couple of examples are boost and llvm
You are essentially shifting the problem from entity to entity and from one domain to another. If you self host your repository, your hosting provider can pull the plug and you essentially end up in square one. If you decide to self host, you should consider multi-cloud cross continent and cross political doctrine cluster.
You don't need a hosting provider. Your code fits on each developers' machine. (Remember when git was touted as a distributed version control system?) If it doesn't, you're at the scale where you're not worrying about your hosting provider dropping you — they're worried about you dropping them.
That's just as true of GitHub though, and isn't the problem. The problem is the related services, like issues, PRs and now CI/CD which all sit with the code but don't come down on a clone. That problem still hasn't been solved, which could mean your whole knowledge base goes missing if you lose access to the server. CI/CD can maybe be replicated from what's on your laptop, but if you don't have the PR history it could spell doom for big codebases that don't use extended commit messages a lot.
I never understood why all that stuff wasn't also committed to the same repository. History is history, whether it's source code or talk about source code.
Of course it could also be in a database thingy for querying and stuff.
Some people say it is because Github wants to lock you in. I don't really believe that, but I am equally sure they don't mind if you lock yourself in.
I've had to resort to this I have 2 CentOS servers at the office. One running Gitlab CE the other running Gitlab Runner. We can't risk getting burned by Github or Gitlab if we forget to use the correct words in repos.
Switching domain registrar and re-routing DNS is a simple and cheap thing if it ever becomes necessary.
Moving your own self-hosted stuff around different hosting providers is easy and doesn't interrupt the service, at least not for long. Just open an account at a new hosting provider. Fire up, your backup, changing DNS and you are up and running.
At some point, there are risks you can't realistically control. There will always be extremely unlikely but theoretically possible catastrophic outcomes. Working DNS is great until global thermonuclear war or a supervolcano erupting renders the Internet rather irrelevant, for example.
A sensible policy is to look at the risks you can do something about, try to assess how likely each threat is and what damage it would cause if it actually happened, and then make your plans taking into account how much you want to control those risks and what it costs you to do so.
On this scale, something like the total collapse of law and order or the failure of the core infrastructure of the modern Internet and its governance processes is obviously less likely than one commercial service provider pulling the plug on unspecified or unreasonable grounds.
I think highlighting risks in systems we might eventually change, but can't change yet, is also part of sensible policy.
We're not going to change the DNS registrar system overnight. But by drawing attention to the issue, we might, eventually, make it a bit more robust with regards to things like registrars becoming unresponsive to small players, or losing data.
For example if people could register with two or three independent registrars in order to have robust control and ownership in the event any one registrar fails them, that might help as a technical solution for robustness. No doubt there are other non-technical things that may help as well.
Separate from changing DNS, I think it's sensible to recognise that risks with cloud hosting or using SaaS, as happened to OP with their GitHub account, also exist with DNS, so for anyone who would find that a problem, they should evaluate whether relying on a single domain, or even on DNS itself, is the right thing to do. For example, high-value IoT devices in the field that can't be updated easily might look for their server at more than one DNS name, and specifically on separate domains (not subdomains) held by distinct registrars, and validate the server's identity. Or they might keep track of IP addresses that have worked recently (in addition to DNS) and fall back to those. (I have worked on devices where this was helpful because DNS on some deployed sites turned out to be unreliable.)
I don't disagree, but I think it's fair to say that the risk of some random DNS-related dispute causing a problem where your registrar cuts you off is much lower than the risk of some random SAAS you depend on pulling a fast one.
The culture and economics behind a lot of tech SAASes that we talk about here all the time make them inherently vulnerable to discarding or abusing users, even those who have been with them a long time and maybe paid them quite a lot of money, in the name of the almighty growth curve. The incentives there are not necessarily aligned with supporting even long-standing and loyal users.
In contrast, there is little to gain for a DNS provider to screw a paying customer or get embroiled in some tedious arguments about rights to some domain name. They can't entirely avoid that because of the environment they operate in, but they are generally going to make the most money when they have lots of happy customers who can briefly engage with the provider's almost entirely automated systems and pay some registration fees for the privilege through another almost entirely automated system and then everyone can get on with their day happy with the trade.
It can be difficult if the old registrar won't cooperate.
Especially if you registered under a pseudonym, as then you can't prove legal ownership of the domain either. But even if you register under your real name, you may need a court case to compel transfer if the old registrar won't cooperate.
> If you self host your repository, your hosting provider can pull the plug and you essentially end up in square one.
Yeah, but it's much, much, much less likely than some script at GitHub getting triggered and shutting your account down. And even the cheap hosting providers do have ultra-premium-platinum-support compared to Google, GitHub, Amazon etc.
If you self host your repository, your hosting provider can pull the plug
If you self-host your repository, you don't have a hosting provider. There is no-one to "pull the plug" on the server at my business's office except the people who work in the building who could literally pull the plug, and I suppose the electricity and phone companies and our ISP.
What you are talking about isn't self-hosting, it's hosting in the cloud on VMs you're renting directly. This is an intermediate step between self-hosting and using a fully hosted service like GitHub.
With cloud-hosting, you are probably still subject to the whims of your hosting service. For example, you might be subject to occasional forced restarts of a long-lived instance if your hosting service needs to restart or replace the underlying physical server.
However, in most cases, unless you're doing something illegal using their equipment or compromising their system in some way, these hosting services don't much care what you're running on your virtual box. This option is still far less risky than using a fully-hosted service, not least because you retain full control over the underlying data so there is almost nothing that can happen because of your hosting provider that a reasonable backup strategy can't fix within a relatively short amount of time.
Yes, but be honest, how many people can easily get their own AS? The barriers to getting an AS number are by design higher than the barriers to getting hosting with a random provider. If I can prove I have hundreds of hosts I want to connect to the Internet, I can probably successfully get an AS number and get in line for a slice IPv4 space when one becomes available. Joe Random probably can't.
Gitea/Gitlab are crazy easy to set-up nowadays, especially with a fully working CI/CD setup (I use Gitea+Drone and I love it, Gitlab comes with its own)