China is attempting to mirror the entire GitHub over to their own servers, users report

0x815@feddit.org to Technology@lemmy.world – 839 points –
Still (@still@infosec.exchange)
infosec.exchange

GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.

It is being reported that many users' repository are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)

288

You are viewing a single comment

It is not illegal is it?

If it is legal, then thank you China for the free backup.

I do believe it's illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn't care.

If it's hosted in a public repo, anyone can clone it, that's very much part of most git flows.

What you can do with the software, how you can use it, that's another matter, based on the licence.

That of course assumes China will respect the copyright..

Sure, you can probably clone it - I'm not 100% sure, but I think laws protect that as long as it's private use.

You can also fork it on GitHub, that's something you agree to in the GitHub ToS - though I think you're not allowed to push any modifications if the license doesn't allow it?

Straight up taking the content from GitHub, uploading it to your own servers, and letting people grab a copy from there? That's redistribution, and is something that needs to be permitted by the license. It doesn't matter if it's git or something else, in the end that's just a way to host potentially copyrighted material.

Though if you have some reference on why this is not the case, I'd love to see it - but I'm not gonna take a claim that "that's very much a part of most git flows".

Illegal according to who?

The US? Why would China care, they are their own country with their own laws.

International courts? Who is enforcing those judgments?

2 more...
2 more...

Law do not exist by itself; it's the result of balance of power. How would you know that your State do not use illegally free software ? And if you know it, could you sue it ? Even if it's a classified administration ?

Apply laws Internationally is even worse. It usually depends of the imperialist relationship between States. For exemple, Facebook rules was illegal in France, but France changes it's laws rather than sue Facebook. A decade later, the whole European Union could forte RGPD upon the GAFAM.

China have nothing to fear in ignoring those licence, and we shouldn't rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.

2 more...