The complete source code for Drupal.org is not available either. Does that mean that we should all abandon ship?

Number two is purely philosophical, and hardly reason for picking one system over another.

As for number three… I think any service provider has the right to terminate their service and delete your data, even if they do not say so explicitly. Also, there are other risks than outright deletion. Git.or.cz might die in a fire or Gitorious could go bankrupt. Either way the copy of your data on their web site would go away, but since Git is decentralised, you would not loose your data, as long as you have a clone (ie. have the code checked out) somewhere else.
Besides, I haven't heard of Github deleting people’s valuable data in any case, have you?

There’s valid reasons to use Github, and valid reasons not to. But posting FUD like this is just embarrassing.

Fago found a nice solution for it, which allows one to enjoy github, but still commit to CVS -- http://more.zites.net/git_drupal_contrib_cvs

Chx, Your points #2 and #3 are classic legal notes. How is this that different than Now Public://www.nowpublic.com/help/terms_and_conditions

> #6 Termination of Access
> If You use the Site in any manner that is prohibited by these Terms of Service, NowPublic may without notice terminate or suspend Your use of or access to the Site or the Services.

> #11 Intellectual Property of NowPublic
> The copyright to the Site, the design and appearance of the Site, and all of the materials and content on the Site (other than Your Content) are owned by or licensed to NowPublic. These materials are protected by law against unauthorized copying and reproduction. Any use, reproduction, or distribution of material, including caching, framing, or similar means, from the Site (except as permitted herein) without written permission of NowPublic is expressly prohibited. © Copyright 2004-2006 NowPublic Technologies Inc. All rights reserved.

With typical service terms and conditions. As pointed out above, Now Public has the same thing.

It's perfectly within reason and capability for people to run their own Git repository. Why such a personal vendetta against Github? If you have something to back up these fears that would help us understand, but until then, this seems like tin-foil paranoia.

The GPL is by design using "the force of [copyright] law" to protect a concept, specifically the concept of sharing. So your argument for point 2 doesn't really work.

For point 3, I have that problem with any hosted service, open or otherwise, and the larger the organization the less I trust it. That's why I avoid Google Apps when I can and run my own mail server. github, gitorious, sourceforge, Google Code, they're all essentially equivalent in this regard.

Point 1 is the only valid point. As long as you're checking out source from them and compiling yourself there's not much back door they could sneak in (that you couldn't find eventually, especially with git's tracking capabilities). If you're issue is just that their management and control software is not open source, I will grant you that. How much of a problem that is is a judgment call that different people may not agree on. (I'm inclined to agree with you in principle, frankly. I'm just noting that is a value judgment.)

Even if GitHub removes your code, you still have the entire history stored offline on your machine. Or other people have. I think you're really spreading FUD here. You could probably bring up the same arguments against Google Code and SourceForge.

Github could sneak anything in your code, even if its source code would be open.

It's a service, there are certain limitations and it needs your trust. Else you just don't use it and that's all.

The git repo format is fully open. It also stores the full commit history (well, if you pull all the branches). To me, GitHub is like a nice frontend that is a pleasure to use. Granted, also a "social" frontend that tends to draw in other developers - maybe this is the scary bit, that it's like a honeypot blinding developers with shiny?

Anyhow, I fully understand it could go away or become evil at any time, nevertheless I will trust them until I get burned. If I do, it will be very easy to switch to something else. It's not locking anyone in.

I would not use GitHub for a private project because as you said the code could walk out the back door. But this really the case for any code repository services.

But because of how git works the other things don't really matter for an opensource project. The main thing is that if github decides to kick you off it doesn't matter, you will have a complete repository with full history which you can put onto another service.

You try doing that with a svn or cvs service. They boot you and they have all your code and history and there is nothing you can do to get it back. Basically you history starts again.

Not many people here, primarily Károly, seem to understand what git and distributed version control is. And the nature of git and dvcs is pretty central to all arguments but no. 2, which I just find strange.

1. Github cannot sneak in a backdoor into our code. Git repos are cryptographically signed all the way down to the first commit, cannot happen. Personally I always pgp-sign all my release and milestone-tags, which gives me and everybody else trusted checkpoints.

2. Seriously?

3. Github cannot disrupt Drupal or it's modules by taking our accounts offline. Everybody who is working on a project has the FULL history of the project locally. If github would evil out on me and kill my account I could just start publishing my repos somewhere else. And if I've deleted my local repo there are copies at every server that I've clone the project to and on the machine of every dev that's contributed to it. And because git is cryptographically secure I can always trust these sources as far as the last known SHA1 of a commit, or the last PGP-signed tag.

I don't think that people have realized that where the code is hosted is a non-issue: because there is no host, only distributed copies. Github is therefore focused on the social aspects of coding, making what we work on visible to others and making it easy for everybody to fork and contribute back.

I was fooled into opting for gitorious to set up a nice base repository on ubuntu karmic but that has turned out to be a ginormous PITA.
Valiant but outdated, fallible walkthroughs with wrong assumptions, which unfortunately do not get you to a working systme can be found at:
http://gitorious.org/gitorious/pages/UbuntuInstallation
and (smarter but even more difficult)
http://cjohansen.no/en/ruby/setting_up_gitorious_on_your_own_server.
Both assume knowledge of basic and sometimes not so basic linux commands and behaviour, that i don't possess. The ruby assumptions don't make it easier.

I'm just a themer. If someone shows me a proper walkthrough for setting up a base repository on my server, I intend to give up github for gitorious. Heck, I'll put in another couple of days worth to try and figure it out.
I just don't like it when we scream against proprietary stuff without coming up with a proper alternative. It's just not the Drupal way.
About the actual use of git and drupal (be it with gitorious or github) i've found nifty information at:
Gordon Heydon's video presentation
and Simon Hanmer's multisite integration information
and ofcourse the pro git book.

It's just that I can't find a decent installation walkthrough for the "aptitude and ruby" challenged regarding Gitorious. If anyone of you is able to get it working on karmic, please, please, please would you do a write-up or improve on the wiki .

I had a hard time finding my way on ubuntu because many of the tutorials on the Internet are the very opposite of Drupal documentation. The ones for gitorious are especially crappy because they do not consider that simple tasks like downloading a tarball and unpacking it or copying a file or moving to an elevated prompt are difficult for new users to understand.
Here's a list of commands that are often assumed as knowledge, that should not be:
wget (downloading stuff)
tar zxvf (extracting a tarball)
chmod a+w -x (making a file executable)
sudo -s (changing to root)
su -[username] (changing to another user)
cp (copy)
cp . (copy the entire directory)
mv (move)
rm -R (remove recursively)
apt-get or aptitude (is there a difference?)
tasksel installing installation bundles
find finding a file or folder
Or that - signifies shorthand and -- longhand, e.g. -h and --help.
Or knowing that nano, vi and emacs are not intuitive/usable for newbies when vim is (sort of).
And that typing :q! lets you get out of vim without saving and :x let's you get out of vim with saving your work.

Sorry about the rant, I'm really trying and getting zero result. I respect the work that has gone into gitorious but I feel left out.

The way I see it, as long as you're checking out source from them and compiling yourself there's not much back door they could sneak in (that you couldn't find eventually, especially with git's tracking capabilities). If you're issue is just that their management and control software is not open source, I will grant you that. How much of a problem that is is a zend judgment call that different people may not agree on. (I'm inclined to agree with you in principle, frankly. I'm just noting that is a value judgment here.)

It seems you've had a change of mind recently: http://github.com/chx/awesomerelationships

Explaining why would be a nice complement to this post, would it not ?

Actually gitorious is best than the git,but in the Github the account is suspended by the other github services at any time,if an important task is continuing at that time github must creates disturbances due to many sources.
writes about Arch Supports

GitHub uses is a black hat technique which uses the other source code.I don't think unavailability of source code makes that copyright but reusing of html 'java script,css make thge the terminate of account at any moment . I think abundant memory can solve this problem.
Liya - travel insurance professional.

The suggestions you provided is really awesome and useful too.As you share that the source code is not available for github is disappointing and I agree that github are not trust worthy as because they terminate our accounts in the middle of the session.I thank you for making us aware of the drawbacks of github.
Alice- Interested in sell scrap gold

GitHub is a web-based hosting service for projects that use the Git revision control system. GitHub is the most popular Git hosting site. The site provides social networking functionality such as feeds, followers and the network graph to display how developers work on their versions of a repository.
John - Writes about Phone card for sale

It is great to know that the Github a new technology from Android in web hosting which provide lot of facilities like feed, follow, and the network graph of the network. Which is definitely helps the user to solve their web hosting problem.
Shaun - Writes about travel insurance

!. Your an idiot. period. If the github source code was openly available, I'd be worried that somebody could more easily locate a loophole into my code. Since it's not available, that's all the more security for my code anyway.

@. The look and feel is copyrighted for good reason. If some jackass made an exact replica of the website it would probably end up with somebody uploading source code to something that they shouldn't. Every professional company will always copyright their brand. Your an idiot.

#. And I wish that they'd suspend your dumbass drupal website too. They have this type of legal disclaimer to prevent some dumbass like yourself from posting malicious code to their system. It's not so that they can run around deleting glorious frameworks like cakephp, but instead to delete retards... LIKE YOU!

$. Please stop 'contributing' to the internet as it only shows your ignorance and ... yes, totally just wasted five minutes of my time.

Seriously, is this shit for real?

1.It's just code hosting, bro. It's just a web interface to git. Git is free. You can push your project to another host in 5 seconds if they pull something stupid (which they won't). They also contribute a fair bit to open source. Most of the libraries they use were either already open source or created by GitHub in-house and later open sourced.

2. You are just a posturing hipster. They are just covering all legal bases and you shouldn't concern your little brain with things like that.

3. Git is distributed. Every time someone clones a local copy. You have a full backup of the project. There are also plenty of other free code hosting services available. There's nothing to stop you pushing to 3-4 others if you're paranoid. You can even set up a group target to allow you to do "git push all master".

Anyone with a brain can see this. I use GitHub for public projects because it's just plain easier and has more exposure. I use Bitbucket for private projects because it's free (hey, you can't beat free). I use CGit for projects where some RMS-esque idiot like you is likely to come along and complain about only using free infrastructure. Simple. It's all still git.