https://github.com/github/feedback/discussions/8149 is discussing this right now 👍🏽
Recommended read: GitHub's commitment to npm ecosystem security | The GitHub Blog https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Not a great leading indicator when the person in charge of the hostile product decision gets promoted to lead up the whole dev division, including GitHub. One of the worst parts of devrel is when management decides to ring the register and sell off the earned developer trust.
The recent open source moves by Microsoft are interesting. On one hand, I love the power of a vocal community; on the other, I hate to see community/devrel teams left to clean up after a bonehead decision from an executive who is clearly disconnected from the reality of the work.
Brandon West (@bwest)Sun, 24 Oct 2021 15:22 +0000
Brandon West (@bwest)Wed, 03 Nov 2021 18:37 GMT
How measuring how long code review took as a team lead to being able to change our processes, and then deliver much more effectively.
Listing Which GitHub Pull Requests are in a Project (2 mins read).
How to list the PRs inside a Project on Github, for example, via a Ruby client.
GitHub isn't Open Source, and it's acquisition by Microsoft was not proof of their commitment to Open Source as a movement. There are other things that indicate a meaningful change in respect of the movement. ASOP is an "Open Source Project" in name and software license only.
Matthew S. Wilson (msw) (@_msw_)Sun, 24 Oct 2021 18:15 +0000
Recommended read: Bypassing required reviews using GitHub Actions | by Omer Gil | Cider Security | Oct, 2021 | Medium https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
Recommended read: Postmortem: Removing all users from github.com/trivago · trivago tech blog https://tech.trivago.com/2021/10/05/postmortem-removing-all-users-from-github.com/trivago/
Does this include breaking down unethical uses of software by organisations like ICE?
So with the recent discovery that GitHub Actions create an OIDC identity per run, it's possible to configure Vault to allow auth w/ Actions identities and subsequently use that to get access to... anything. Some cleanup required but this is very promising! (c/o @grantorchard)
Mitchell Hashimoto (@mitchellh)Mon, 20 Sep 2021 21:02 +0000
Recommended read: AWS federation comes to GitHub Actions | Aidan Steele’s blog (usually about AWS) https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html
Recommended read: GitHub’s Journey From Monolith to Microservices https://www.infoq.com/articles/github-monolith-microservices/
If your AI processes AGPL licensed source code and thereby incorporates it, is your AI code required to be released to the public? Roll 3d6 and hire that many lawyers.
DM of Engineering (@dmofengineering)Thu, 08 Jul 2021 19:19 +0000
In case it's not clear what's happening here: @github's Copilot "autocompletes" the fast inverse square root implementation from Quake III — which is GPL2+ code. It then autocompletes a BSD2 license comment (with the wrong copyright holder). This is fine.
I don't want to say anything but that's not the right license Mr Copilot.
Armin Ronacher (@mitsuhiko)Fri, 02 Jul 2021 09:01 +0000
Stefan Karpinski (@StefanKarpinski)Fri, 02 Jul 2021 14:38 +0000
I'd just like to interject for a moment. What you're referring to as Copilot, is in fact, GNU/Copilot, or as I've recently taken to calling it, GNU code trained Copilot. Copilot is not an AI system unto itself, but rather a proprietary component that launders GNU code
Ian Coldwater 📦💥 (@IanColdwater)Thu, 01 Jul 2021 12:25 +0000
Last Copilot hot take. MS/Github have used their dominant market position as the largest source of public code in the world to build a closed proprietary service, without the explicit consent of their customers.
Ant Stanley #BLM (@IamStan)Thu, 01 Jul 2021 08:34 +0000
If Microsoft loves open source, then just make Copilot open source. It would be the bare minimum fair thing to do since without all that open source training data set, they would not be able to build it. But no, they want to monetize it.
André Staltz (@andrestaltz)Wed, 30 Jun 2021 16:04 +0000
github copilot has, by their own admission, been trained on mountains of gpl code, so i'm unclear on how it's not a form of laundering open source code into commercial works. the handwave of "it usually doesn't reproduce exact chunks" is not very satisfying
eevee (@eevee)Wed, 30 Jun 2021 00:47 +0000
throwback to that time a Google recruiter reached out to me after seeing my GitHub profile this was several months ago, but it’s only just dawned on me that they must’ve seen my profile full of abandoned projects and thought “yep, that’s Google material right there” 😂
Luna 🏳️🌈 (@lunasorcery)Thu, 10 Jun 2021 16:45 +0000
As it doesn't retain the history from the template, it may not be possible to update them easily?
We've found it to work quite well on my team, as it allows folks to see things they're not necessarily involved in, and actively seeks out their thoughts, as well as not leaving it up to the PR raiser to decide who
(Although we're currently using the "round Robin" approach)
It also doesn't mean others can't review
Hmm I'll have to try it but I thought rebase-merge was the same as a
You can also do this with a "rebase merge" on GitHub, and yep would recommend it if you don't want merge commits. I'd generally say keep them, but amend the titles to be ie PR title
Recommended read: Behind GitHub’s new authentication token formats https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
GitHub now automatically creates a table of contents for your README.md files from your headers. 📖 After much consideration, we made this a feature of the viewer, not a concern of the editor: no special markdown to insert. 💡 Let us know what you think!
Nat Friedman (@natfriedman)Fri, 26 Mar 2021 12:54 GMT
We only have this set up in a few places as it's not possible to do it org-level as you say, or configure it via the API https://github.community/t/support-autolink-reference-configuration-in-the-api/14614/
I wonder what turn around? Selling to Microsoft? I hear that GitHub still has a pretty toxic culture. I know nothing about Jason but it’s serious red flag of other pathologies to see a exec out on Twitter thirsting for more credit and recognition.
Post detailsI hope one day we can tell the GitHub turnaround story. Many great people should be known & stories/lessons told For this tweet, simply this: Betting on myself 19 friends said I shouldn't do it: couldn't be done 1 said I *absolutely* had to: bet on yourselftwitter.com/jmj/status/136…
Jason Warner (@jasoncwarner)Sat, 20 Feb 2021 15:47 GMT
kellan (@kellan)Sun, 21 Feb 2021 19:27 GMT