China is attempting to mirror the entire GitHub over to their own servers, users report

0x815@feddit.org to Technology@lemmy.world – 832 points –
Still (@still@infosec.exchange)
infosec.exchange

GitCode is a git-hosting website operated by Chongqing Open-Source Co-Creation Technology Co Ltd, with technical support from CSDN and Huawei Cloud.

It is being reported that many users' repositories are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)


I don't understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can't place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on GitHub anyways).

They might end up using the code in a way that violates its license, but simply cloning it isn't a problem.

I expect it's likely going to be used to train some Chinese AI model. The race to AGI is in progress. IMO: "ideas" (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said, I'm not entirely convinced the US is a democratic government.

PS: I'm French, and my gov is soon to be controlled by fascist pigs if it's not already, so I'm not judging...

> I expect it's likely going to be used to train some Chinese AI model.

Even if they do that, the license for open source software doesn't disallow it from being done.

It certainly can. Most licences require derivative works to be under the same or similar licence, and an AI based on FOSS would likely not respect those terms. It's the same issue as AI training on music, images, and text; it's a likely violation of copyright and thus a violation of open source licensing terms.

Training on it is probably fine, but generating code from the model is likely a whole host of licence violations.

> Most licences require derivative works to be under the same or similar licence

Some, but probably not most. This is mostly an issue with "viral" licenses like GPL, which restrict the license of derivative works. Permissive licenses like the MIT license are very common and don't restrict this.

MIT does say that "all copies or substantial portions of the Software" need to come with the license attached, but code generated by an AI is arguably not a "substantial portion" of the software.

> code generated by an AI is arguably not a "substantial portion" of the software

How do you verify that though?

And does the model need to include all of the licenses? Surely the "all copies or substantial portions" would apply to LLMs, since they literally include the source in the model as a derivative work. That's fine if it's for personal use (fair use laws apply), but if you're going to distribute it (e.g. as a centralized LLM), then you need to be very careful about how licenses are used, applied, and distributed.

So I absolutely do believe that building a broadly used model is a violation of copyright, and that's true whether it's under an open source license or not.

I agree with you, and don't really have any answers :)

By comparing it to the original work.

And how will you know what original work(s) to compare it to?

How do you know anything about anything an LLM generates? Presumably if you're the author you would recognize your own work?

I'm not going to be monitoring Chinese code projects. They don't seem to care much about copyright, so they'll probably just yoink the code into proprietary projects and not care about the licenses.

What am I going to do, sue someone in China? And decompile everything that comes from China to check if my code was likely in it? That's ridiculous. If it's domestic, I probably have a chance, but not if it's in another country, and especially not one like China that doesn't seem to care about copyright.

The code needs to maintain the copyrights and authors. They are "mirroring" usernames into their own domain, with mails that don't correspond to the original authors, stealing their contributions.

> with mails that don't correspond to the original authors,

Oh! I didn't realise this. Do you have an example?

That would make it plagiarism, which ethically is a whole different matter than merely copying that which is free to copy.

I’m seeing this misconception in a lot of places.

Just because something is on GitHub, doesn’t mean it’s open source. It doesn't automatically grant permission to share either.

It may not be de jure open source, but if the code is posted publicly on the internet in a way that anyone can download and modify it, it sort of becomes de facto open source (or "source available" if you prefer).

Please don't muddy the water with terms like this. Something is open source if and only if it has an open source license.

I personally don't care if someone "steals" my code (Here's my profile if you want to do so: https://github.com/ZILtoid1991 ), however it can mean some mixture of two things:

  1. China is getting ready for war, which will mean the US will try its best to block technology, including open source projects.
  2. China is planning to block GitHub due to it being able to host information the Chinese government might not like.

Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).

> US will try its best to block technology, including open source projects.

You can't block open source projects from anyone. That's the entire point of open source. For a license to be considered open-source, it must not have any limitations as to who can use it.

> You can't block open source projects from anyone.

I think they were referring to blocking GitHub from public access. In the event of a world war I could easily see Microsoft obeying the order to shut down GitHub.