But if Mycroft leaves its code on GitHub, what guarantee is there that Microsoft won’t alter the code?
Microsoft monitors its users more than almost any other company in the technology industry, and with Mycroft being developed on a Microsoft platform, Mycroft loses a lot of my trust… The entire project should be moved to a neutral platform - that might be GitLab or it might be elsewhere, but it’s not GitHub if you want your users to trust that the code has not been modified by Microsoft.
if mycroft ends up moving, please consider going self hosted, microsoft may just buy gitlab next and it’s the same all over again 
Seriously?? MS is going to modify EVERY repo that it doesn’t like in a matter of days or weeks??
I think you are being a little bit extremist, does MS even have a Home based AI product other than Cortana on Win 10?
EDIT: The Blockchain Whitepaper, said that Mycroft has around 13,000 installs, how many 10s of Million does Windows 10 have? Mycroft is small fish.
I never said they’d alter the code in a matter or days or weeks, though given the resources Microsoft has at hand, that’s not implausible… Just unlikely.
As for the whole “small fish” thing, that’s not entirely true - just how many “virtual assistant” projects do you think are out there? The Mycroft project might be small (for now), but it is sits on a very short list of “virtual assistants” out there…
Given that the code is now stored on servers controlled by one of the biggest surveillance companies in the world and considering there are so few “virtual assistant” projects out there, Mycroft is actually more likely to be a target of malicious attacks from companies like Microsoft.
I doubt they would modify anything of the source repos, nor I see them appropiating of anything… I doubt they’ll risk being sued.
On the other hand, I can easily see them doing things like:
All of this are pretty harmful and they are on their right to do it.
No, let’s face it, github has become the 2018’ sourceforge. Better to leave to a self-hosted solution and be completely free and independent.
Let me qualify that, that number was the time frame that Mycroft would take to make a decision to move their repo off of GitHub.
Very true, it would seem to me that a modification of source code would be possible but should be pretty obvious to any developer that know their own code well.
Uh huh.
Just like how the North American Government was sued for doing exactly this, on a mass scale and usually outside of the law?
Naivety like this is exactly why companies and governments keep getting away with this sort of thing… Apparently ignorance is bliss after all.
And yet the last couple of years have shown just how inaccurate such a statement is… Numerous projects (Open and Closed Source) have had their code modified by governments and intelligence agencies around the world (notably by the governments of the “Five Eyes”) - yet how many times did the developers notice and/or how long before they noticed?
I don’t doubt that Mycroft would notice eventually (hopefully sooner rather than later) - but any delay in noticing such a modification to their source code is too long, when you’re talking about a device that can capture so much data…
WWASD? (What would Adam Selene do?)
OKay, first of all, there are multiple governments in N America!
Again with governments, I thought we were talking about Microsoft, not a government…there still, at this point, is a difference! I think you need to lighten up here, Mycroft is still unknown to much of the world, although that might be changing, I doubt if MS or any government cares at this point.
I am not familiar with the details of the unauthorized and/or malicious modifications to open source projects by government or intelligence agencies that you are referring to. Would you help me out with a citation? This Google query also did not get me very far:
open source (modified|infiltrated|infected|altered) (unknown|secretly) (agency|government)
I think the details will be an important point. If the the alleged offender did not abuse admin privileges, but instead made normal commits with disguised bad intent, then we are just vulnerable even if we host ourselves. If the attackers circumvented access control altogether, well then again we are just as vulnerable.
I saw in other comments here describing what we want in a source control provider, and I noticed the inclusion of the word “private”. I think this misses the point somewhat. In our personal data and our usage we want privacy, yes. For our source code and development process we want open and transparent, not private. We collectively and mutually act as watchdogs, which is facilitated (though not guaranteed) through open software and process. I am not clear on how that in and of itself is threatened by MS ownership.
Otherwise, Based on the concerns I am hearing throughout this thread, maybe what we should be looking into is cryptographic signatures on commits and repository replication.
Move to GitLab,
GitLab supports groups and subgroups so it’s easier to organise our 100+ repositories, making it easier for everyone to find their way round, and also visualise the different parts of the project/platform and how they fit together.
There could be groups for mycroft-core, Mimic TTS, Core Skills, Packaging, enclosure Infra, Documentation, Tooling, Working Groups, Experimental… the possibilities are endless but each group is easy to digest and only contains repos specific to each groups goals. On GitHub you just get a giant list of all repos and you almost have to remember repo names as paginating through the list is just painful if you can’t.
GitLab supports issues, milestones and kanban boards at both group and project level. This makes it really easy to organise per project as well as at the group level and get a higher level view of what’s going on. You can also move issue between projects which is handy!.
GitLab CI would also be a great thing to have at the project level. Each project could define it’s own pipeline for merge requests, doc generation, building etc.
GitLab releases new features nearly every month, so things can only get better.
This is more than just a PR move, this is about how we do this things in the future too. I say let us not do compromises in face of events such as this one. Make a firm statement that Mycroft does not do compromises and that Mycroft will move to other service even if Microsoft doesn’t have an agenda, do not wait to see the negative impact, make it clear that Mycroft will be paranoid so that you don’t need to be, so that you could have a peace of mind.
This move will most surely strengthen the bond and the trust between the project and it’s community.