social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.

Administered by:

Server stats:

502
active users

Evan B🥥ehs

When an important project becomes controversial, GitHub says
"lets just take this project down so nobody can audit the supply chain attack mechanism and all the relevant discussion, surely this will make the problem go away"

This feels familiar (boehs.org/node/npm-everything)

Actually why is GitHub like this?

@eb

Owned by Micro$oft. Not much more that needs to be said, imo. :P

@amin this is the nail in the coffin and I'm migrating to sourcehut again. The site might take a while to move though

@eb

It's been codeberg for me for a while now. Copilot is what did it.

I also moved away from npm, which is also Micro$oft-owned, to Deno instead of Node.

@eb

(Basically, I had to re-code all my sites from scratch. [Then I did it again to switch to static sites when possible.])

@eb amusingly, they didn't take down the other projects of JiaT75 (even if they suspended the user)

but since I don't trust Github in keep doing that, I cloned one repo and archived the page that I cared about ( web.archive.org/web/2024033001 )

GitHubMake abort if failed a command line argument · Issue #7 · JiaT75/STestBy JiaT75

@eb yeah it's awful. i have a mirror of xz based on a tarball someone saved. not ideal but better than nothing: git.phial.org/d6/xz-analysis-m

@eb

"lets just take this project down, ... surely this will make the problem go away"

"Microsoft"

"They are the same picture"

@eb because Microsoft bought them 5 years ago, and the timeline of Microsoft acquisitions collapsing remains the same a quarter century after hotmail:

web.archive.org/web/1999101314

web.archive.orgI, Cringely: The Pulpit

@eb isn’t this a reasonable first move while they work on better ways to mark this repo as having problematic releases/prevent downloads? I hope they will put it up again soon.

@dom Not really. Both owners were suspended which should have prevented modification. Even if the repository was changed, it wouldn't be upstreamed anywhere signifiant, however as a result of this, all the links in my post are broken.

@eb I reported actual, actively abused malware to them months ago and it’s still up.