
It's unlikely this is a "leak" per se - the source code can be straightforwardly recovered from the trial version of Github Enterprise, see e.g. https://news.ycombinator.com/item?id=13875993 or (more comments) https://news.ycombinator.com/item?id=13346866

EDIT: Anyone looking to try doing this, please support open alternatives instead: https://gitea.io/en-us/




This doesn't look like a de-obfuscated copy of GHE. There are Dockerfiles, Gemfiles, and other build-related configs in the root directory. Also the README states:

  This is GitHub.com and GitHub Enterprise.


It may simply be that their obfuscation process removes those files and adds GHE-specific files, and none of it ran.


Circa a few years ago (maybe their obscurity scheme has improved since then), they just used a binary blob that decrypted the (Ruby) source then passed it to a Ruby interpreter process. If you replaced your Ruby interpreter with one that would also print the source, you had all the code. :P


Don't forget the original from which gitea forked: Gogs https://gogs.io


Are there advantages to running Gogs rather than Gitea nowadays?


I'd still call it a leak, since GitHub is closed-source. Then again, this raises an important point: with the source code so easily acquired, why isn't it open-source?


>why isn't it open-source?

Most likely support. GH probably doesn’t want to support an open source version (triaging issues, reviewing 3rd party pull requests, having an open roadmap). Likewise it would probably be bad PR if they just dumped the code base and were really slow to respond (or didn’t respond) to bug reports.

Being open source requires a lot more than just the source code being available.


I never really realized how much effort goes into open source or the community dynamics that power it until I read that Working In Public book by Nadia Eghbal. Really shines a great light on the dynamics and effort required to keep a lot of these projects going.


Nadia Eghbal worked at GitHub, so her perspective will be skewed by the dominant influence.

The GitHub way of working has only been around since GitHub launched. Accordingly, the free software and open source communities that predate GitHub had their own ways of working before GitHub came along. Despite the widespread perception that GitHub makes doing open source easy, it comprises a set of practices that can be and are frequently more taxing than the alternatives. If GitHub is all you know, though, or you've forgotten, or you've just not noticed and never measured it, then it's easy to think that the GitHub way embodies the essentials of development in the open, even though its workflows are pretty bloated.


What does that matter though? Is the expectation that GitHub would have managed its open source offering outside of GitHub?


The comment was a direct response to the other (about how much effort it takes to do open source [on GitHub]). I can't make full sense of your questions, but what is possible to make out doesn't seem to follow from the comment you're replying to.


Sounds like Github wants features to please its paying customers more than open source (which is the marketing channel), which makes sense.


> Being open source requires a lot more than just the source code being available.

Well, you don't necessarily have to do those things. See for instance Apple's XNU Kernel. :)


Yes but Apple doesn't post XNU on GitHub. They publish codebase snapshots to a read-only website every once in a while. They have a GitHub mirror of the XNU codebase, but it's a few years behind and its Issue Tracker is disabled. Apple should engage more with the community. However the community needs to engage conscientiously. This leak is bad news, since it's the exact sort of behavior Apple probably wanted to avoid. It's so disrespectful. Last thing we want is for other companies like GitHub to think, "wow Apple was right, maximum engineering secrecy by default is the way to go."


> Last thing we want is for other companies like GitHub to think, "wow Apple was right, maximum engineering secrecy by default is the way to go."

Well, "maximum engineering secrecy" would be not releasing the source code to XNU. Apple is very secretive overall, to be sure, but not in this one respect.

I'm glad that XNU's source code is available—it lets you do a number of neat things. I wish more was available, but I'll take what we can get.

By extension, I don't support the idea that there's no point in releasing source code if you can't also release documentation and review outside pull requests. Making a tool available to the public is always better than hoarding information. All the other stuff is even better, but code is code.

---

All of that said, I recognize that for Github specifically, releasing code and not engaging with it might be a bad look, because their product is a code sharing platform. I don't think that applies to most companies, though.


I'd argue that's an even worse look for an org like GitHub.


It's not open source because the open source "community" is a liability and you want them far away from you at all times.

I'm not trying to be mean or sarcastic or anything. Just look at how maintainers are treated for a week and you'll see exactly what I mean.


So it's like every other customer-service job. Just with less pay ;)

Just because something is open source does not mean you have to engage with the "community". Slapping GPL on some code on a git repo somewhere, with a big sign saying if you don't like it you have the right to fork, so please fork off, is also open source, and a totally ok thing to do if you don't want to develop a community. [Open source maintainers don't owe the world anything beyond what they freely want to give it.]


While I understand the intent of your comment.. I think your unfortunate word choice may cause some bad optics.


You should say what words are unfortunately chosen, because you can't expect every reader to know the current list of unfortunates.


Well, I'm not a CEO, so I don't care about optics.


True. Reddit did that, and it definitely backfired.


how so?


Here's Reddit's announcement about going "closed source". They list similar challenges to that mentioned by the GP comment. https://www.reddit.com/r/changelog/comments/6xfyfg/an_update...


> why isn't it open-source?

why does anything need to be open source in the first place?

Open-sourcing something should add value. Github doesn't see any value in doing so (and I would agree). It's not like github has any secret ingredient that makes github source special - gitlab has replicated most of github's functionality, and so have many open hosting platforms.

The value of github is mindshare, rather than anything code wise.


> why does anything need to be open source in the first place?

Not advocating the FOSS approach for anything, and I'm not strictly speaking of GH in that context, but generally, malicious code loves being hidden in closed source software since it's the most effective way to keep it hard to control and correct. When privacy, security, safety, accountability become important, the FOSS approach might solve a problem or two. Of course the downside is that everyone can look at it, so building a billions-worth business out of a fork + 10 line changes + renaming of a FOSS project cannot work without violating the license by keeping it closed.


On the flipside, it's more plausible for an actor to get malicious code into a project in order to infect a target. Sure it has to be obscure enough to pass any code reviews during PR and/or involves compromising a contributor but it is possible and something I see happening in the next 10 years.

I'm also genuinely curious how many people actively review all the code they actually run. I doubt anybody but the very largest tech companies and high-end government would actually be able to afford and resource such a feat, and even then they would have DMZ-type areas to detonate unaudited software.


It's a bit ignorant to claim that public knowledge access has no value. There's a lot to learn from reading the #1 project of its kind, don't you think?


Not sure about others but I probably learn way more from reading sources of open source projects than I do from blog posts and books.


But GitHub objective is to earn.

Not help you learn.


There are so many issues with GitHub that could be easily addressed if open sourced. So many in fact that there are entire unofficial GitHub repos dedicated to raising issues about GitHub. They won’t see any benefit now that they are owned by MS and slowly being integrated to AzureDevOps, but they could definitely have had a much improved platform if they had opened years ago.


It’s actually the opposite, Microsoft is slowly killing Azure DevOps in favor of GitHub. That’s why Actions is getting so much traction and why codespaces on Azure was killed.


Because their primary target is enterprise consumers, who care about legality. It doesn't matter how easy it is to get illegal source code, their customers can't risk it.


- If the locks can be so easily broken, why are there locks?

- If it is so easy to shoplift, why don't stores just give out everything for free?


I think decompilers are so good that any binary or pcode can be reverse-engineered by anyone who wants to.

I generally like to open-source all my work. I'm working on a closed-source app, right now, but I think that it should be made open-source, once the embargo has passed. The backend is already open-source, as is the SDK.

I like to use the MIT license, which says that you can use the code how you like, but don't come whining to me, if you pooch it.

But I will, sometimes use a license that says "Here's the code for you to look at. It's not authorized for copying."

I think that it's a good idea to have it available. I seriously doubt there's anything in my stuff that is so proprietary that I'm afraid it will get ripped off. I do the same stuff everyone else does; maybe not as cleverly.

I just feel that it's good to show folks what's under the hood, if at all possible.


> I seriously doubt there's anything in my stuff that is so proprietary that I'm afraid it will get ripped off.

It depends. Figuring out how to design a large system still takes an appreciable amount of time even if you only end up gluing a bunch of other stuff together at the end of the day. And chances are you have something original in there somewhere. If the market is particularly cutthroat it might be a bad idea to risk giving your competitors even a slight edge.

I do appreciate the sentiment of proprietary source available projects though!


The hyperbole contributes nothing of any value to the conversation. While folks are definitely making good counter-points, I think the question needed to be asked.


I did not mean to exaggerate, just to demonstrate that in the world we live in, barriers to action are rarely physical, but moral and legal.

It's not that people do not pick locks because locks are so secure. It's because a lock is a polite way to say "do not enter here" and almost everyone respects that. If someone wants not to respect it, there are a multitude of YouTube channels showing how trivially easy it is to bypass it. But then, the legal aspect kicks in and punishments follow.

The same with stealing. It is trivially easy to steal. Moral code stops most people. Legal code punishes the rest.

Anything in our world can be "so easily acquired" if one does not care about laws and ethics. In that sense, the question posed in the original comment seems utterly bizarre to me. If anything that could be easily acquired were to be released for free, almost everything in the world should be released for free.


Maybe if it uses some GPL/A-GPL code in there it might need to be?


In what world is "our large, enterprise customers who are extremely risk-averse and probably under NDA could acquire source code" equivalent to "source code so easily acquired"?


Open source is another ball game license wise.


I've used gitea, I wouldn't recommend it to anyone.


What issues did you encounter?

I've used it as a local-network git remote and generally enjoyed my experiences with it. Its web interface is not quite as developed as Gitlab's or Github's, but as a git remote with a web frontend it's very usable and quick to deploy.


Why?



