
That doesn't seem like a super meaningful statement, not least because it's both excessive and insufficient. If you have a git repo on your laptop, Microsoft or the .NET Foundation or whoever can't alter it. If you make a repo on GitHub, they still can't touch your local repo, but they can do things to the repo on their side. And so, yes, controlling more of the stack would give you more control; if you pushed it up to a Gitea (or whatever) instance on an AWS EC2 instance that you manage, then it's vanishingly unlikely that someone can change "ownership" of the data (by modifying the metadata in git(hub|ea)), but of course AWS could do whatever they want to to your instance - so do you own it? Okay, well let's put it on a server that you bought yourself, and that you run in your basement (or even a colo; actually it doesn't change the situation). If you want anyone else to use it, you still need an ISP and probably (practically) a domain/DNS (read: domain registrar and name server(s)). In practice, you'll never own the whole stack, but on the other hand, you shouldn't need to, and in many cases you don't.


> That doesn't seem like a super meaningful statement, not least because it's both excessive and insufficient.

That's very disingenuous.

The "application server owner" has all the control. The "server owner" can transfer my repo, copy my PRs, inject their own PRs, and even lock me out.

If I control the server, it becomes VASTLY more difficult to impersonate me or inject a change without my permission or cooperation.

Sure, it can be done, but it will take far more than just a couple of random employees typing for a couple minutes at a keyboard to pull it off. Someone will have to spend real money to usurp my DNS, set up another website, copy all the data (which they may or may not have full access to), etc.

The cost to compromise me is orders of magnitude higher if I control my own servers.


It's not disingenuous, it's a difference in magnitude and threat model. Owning your server gives you things that a hosted offering doesn't, and fails to give you other things. That may be a good trade-off, but it is a trade-off (ops isn't nothing), and it's not an absolute, both of which mean that dismissive statements about owning your own servers are less than helpful.



