I’ve been around when the FUD spreading happened, which later gave rise to the famous Halloween documents, e.g.:
If you never heard about that, please read about these events and documents. (The take of ESR might give a better perspective than the WP article.)
These were no fun at all. A real danger to literally all of open source software!
Maybe that’s why I’m so disgusted each time I try to read the TOS of GitHub (due diligence).
Nebulous legalese, like many such texts. What parts do you even need to read?
In comparison, the MIT license which Frappe uses is short and clear.
GitHub’s TOS are also available as a GitHub repo with over 15000 commits; who can ever follow that?
And their TOS state that they can change anything at any time even without saying it.
All this seems totally crazy to me, and also potentially like one gigantic trap.
And be reassured, I wouldn’t write anything different to begin with on GitHub than I did here.
I also don’t understand why almost everybody flocks to GitHub.
Git was meant to be a distributed archive in order to combat the abuse operated by certain centralistic entities. Some people really tried to surreptitiously corrupt the source of Linux! So Linus reacted by writing the git tool. So there should be some resilience. But are we exercising it regularly, to be prepared for mishaps?
Is there a way to be sure we get the code which Frappe engineers wrote?
Is there any code signing? Is there a Frappe master repo?
Is there an organized vigilance, e.g. ways which check the uncorruptedness of what GitHub delivers?