September 30, 2022

COSFONE

Networking, PBX, IT, DIY Solution

Chief maintainer of Apple popular projects:  GitHub is untrustworthy

5 min read

Chief maintainer of Apple popular projects:  GitHub is untrustworthy



 

Chief maintainer of Apple popular projects:  GitHub is untrustworthy


Previously reported on GitHub blocking accounts of Russian developers at companies sanctioned by the United States .

The platform’s move inevitably brought some damaging side effects, and Jesse Squires, the lead maintainer of two popular projects in the Apple developer community, Quick and Nimble, recently complained , “But it seems that GitHub does not fully consider This, because the suspension of these accounts is screwing up my project.”

 

Jesse noted on his personal blog that Quick 5.0 was released a few days ago.

He had reviewed and merged many PRs in the week leading up to the release; but when he was about to write the release notes, something magical happened – some PRs were removed, and even worse, the entire contributor presence disappeared .

 

“All their comments on issues are gone, all issues they opened are gone, all PRs they’ve opened are gone. Every activity related to that user is gone. What’s going on with this TM? “

 

Chief maintainer of Apple popular projects:  GitHub is untrustworthy

 

Jesse cites PR #1129, a critical bug fix in the project, as an example, you can see this line in the auto-generated release notes on GitHub:

 

  @BobCatC made their first contribution in #1129

 

“But both the user account and the PR result

in a 404. But you can find the merge commit here, which is all about the history of this change”.

Maintainer Rachel Brindle also opened a PR (another important bug fix), but the original PR that introduced the bug has also been removed. “The original PR that introduced it has since been deleted, so I’m not sure about the exact intent of the contribution.”

 

After a brief period of confusion, Jesse finally realized that these “mysterious disappearances” were all caused by GitHub’s rash suspension of Russian developers’ accounts, without considering its devastating side effects. Several Quick contributor accounts have been banned, “meaning we’ve lost all their contributions except for the original commit history.”

 

I’m not sure what GitHub’s purpose in suspending these accounts is, but it seems incredibly disruptive for any open source project that interacts with the now-suspended accounts.

In a service like Twitter, you can access a placeholder profile for a suspended account and see a message that communicates that the account is suspended, while other users’ @mentions for the account are still linked to the suspended account account information. On GitHub, this is not the case at all.

 

Apparently, “suspending an account” on GitHub actually means deleting all of a user’s activities. This results in:

(1) every PR for the deactivated account being deleted,

(2) every issue opened by the deactivated account being deleted, 

(3) every comment or discussion on the deactivated account being deleted.

 

In effect, the user’s entire activity and history is evaporated; all this valuable data is lost, and the only thing that remains is the original Git commit history. It’s as if this user never existed.

 

Again, it’s unclear to me whether the data loss was a goal of GitHub or if it was a blunder. Either way, this is a huge problem. Deleting this data without notice is an abuse of trust. Should we still keep important data on GitHub?

 

GitHub has not issued any notices or communications about the current ban, other than an earlier statement claiming to “serve all developers, including those in Russia .” “It’s absolutely confusing,” Jesse said.

 

I’ve only been working on this project I’ve taken over for a week or so, trying to track changes as diligently as a good maintainer, and then all sorts of weird, unexpected weirdness started happening.

What I don’t know is that GitHub is quietly joining the rest of the western world in punishing innocent Russian civilians…I don’t understand whose ‘victory’ is to delete GitHub accounts and cause food shortages for civilians.

As far as I know, the missing contributors are just regular iOS and macOS developers interested in community open source projects.

 

These actions from GitHub are harmful and destructive to open source projects and the open source community.

All of a sudden, I see PRs, issues, and comments from users who are actively contributing to the project disappear.

We lost valuable contributions, information, context, and discussion history on issues and PRs, and we even lost PRs that were open and under active review.

These jobs are now completely and forever gone. For merged pull requests, we have the original commit history, but this is no substitute for a full code review and discussion.

 

Maintaining open source projects is already difficult. It’s harder to inherit an old, neglected project and try to get it back on track. In this case, every PR, issue and comment is important to the long-term maintenance and success of the project.

Comments, discussions, and code reviews provide valuable background material that isn’t always reflected in commit history, especially for open source projects that have experienced multiple maintainers over the years.

People think the correct solution for GitHub would be to keep all contributions, freeze suspicious accounts to prevent future activity, and clearly indicate the suspension on the account profile page.

Then, if possible, re-enable these accounts. But apparently, GitHub thought the best thing to do was to remove them all.

 

So, thanks to GitHub for “screwing” things up.

 



You may have missed