1

The question of GitHub alternatives has been raised and closed. Alternative, backup repos exist.

That said, I have not seen any contingencies for planning the social move to those repos and organizing developer efforts for maintaining Core in the face of a GitHub ban.

It seems inevitable, given the recent experiments with banning individual developers or entire projects.

Existing guidelines for contributing to Core seem to exclusively revolve around GitHub.

In the event of GitHub banning Core maintainers or Core itself, where do developers gather to communicate and collaborate for reliable development and maintenance of Bitcoin?

Michael Folkson
  • 15,313
  • 3
  • 17
  • 53
jarctu
  • 13
  • 4

2 Answers2

1

To date GitHub has restricted developer accounts from Iran, Crimea, Cuba, North Korea and has taken down certain projects (e.g. an Ethereum open source privacy project Tornado Cash though Tornado Cash is now back up). GitHub is owned by a US corporation (Microsoft) and is clearly at a minimum bound by US law and US sanctions. There seems to be evidence that it is willing to take actions beyond what it is required by US law and US sanctions though as you suggest.

I have not seen any contingencies for planning the social move to those repos and organizing developer efforts for maintaining Core in the face of a GitHub ban.

No such plans have been made public as far as I'm aware. Recall that no maintainer or no contributor can bind the project to a particular future contingency plan even if they drafted such a plan.

It seems inevitable, given the recent experiments with banning individual developers or entire projects.

It is certainly a possibility but I would say "inevitable" is a bit strong. The best case scenario is GitHub realized that taking down Tornado Cash was an error, reversed that decision and won't pursue similar actions in future for other privacy projects, let alone full node implementations. The worst case scenario is GitHub takes down Bitcoin Core, all other Bitcoin open source projects and restricts the accounts of maintainers and contributors to these projects. Clearly if the worst case scenario happens a plan will have to drafted and executed but I suspect most maintainers and contributors have their fingers crossed that it won't get much worse than the best case scenario. I don't know of any long term contributors that have been impacted by the Iran, Crimea, Cuba, North Korea etc restrictions.

So thus far the GitHub actions haven't caused enough pain on the project to motivate a serious effort to plan for a move away from GitHub. I'm not saying that this is right or wrong, merely that that's the reality. It would be a headache to execute (choosing the replacement, updating docs, potentially worsening the new contributor experience) and many contributors like the convenience, user interface and funding initiatives on GitHub. If the pain increases and we start to move closer to the worst case scenario and away from the best case scenario I am sure we will see more activity and interest in this area.

In the event of GitHub banning Core maintainers or Core itself, where do developers gather to communicate and collaborate for reliable development and maintenance of Bitcoin?

It would most likely be discussed on Libera IRC (#bitcoin-core-dev channel), the Bitcoin dev mailing list and Bitcoin Core dev mailing list. Bitcoin Optech and bitcoincore.org would also be possible sources of information.

Disclaimer: This is just my personal view, no one can speak for the Bitcoin Core project (and certainly not me) but I hope this is somewhat helpful.

This topic was also discussed at the recent Core dev meeting (Bryan Bishop transcript).

Michael Folkson
  • 15,313
  • 3
  • 17
  • 53
  • 1
    I appreciate your view and acknowledge your disclaimers. I suppose I'm surprised there isn't more urgency in the ecosystem to preempt these possibilities.

    "Clearly if the worst case scenario happens a plan will have to drafted and executed" E.g. wouldn't it be a worse headache - with higher chance of failure - to draft a plan after the worst case has already happened?

    It seems like a mismatch to aspire for extraordinary development in financial freedoms while crossing fingers that those entrenched in the existing system will not take extraordinary measures to fight back.

     – jarctu Oct 11 '22 at 17:25
  • Think through what happens though. The Core GitHub repo is taken down which throws a wrench into the opening of PRs, review of PRs, merging of PRs. Still possible to do these things via maintainers but more friction, will take longer to get comparable amounts of review etc. Possibly the release schedule is pushed back until the project is back up and running elsewhere. Users can still run old versions of Core. The central repo can get taken down for weeks or possibly even months and this doesn't disrupt mining or the validation of the network nodes. – Michael Folkson Oct 11 '22 at 18:30
  • The only really concerning scenario would be if a consensus bug was discovered, an emergency fix was required and GitHub took down the repo at the same time making it harder to distribute the release. Otherwise it is just a pain and disrupts the project for a few weeks. – Michael Folkson Oct 11 '22 at 18:35
  • 1
    That's a great point about the existing versions of Core being unaffected. I don't think I was considering that sufficiently in my premise. In the same spirit as your hypothetical bug+takedown, I do think malicious actors could leverage the delay and chaos following a GH ban to launch attacks of varying severity. Such as media disinfo campaigns, impersonating known devs on other platforms, promoting falsified repos, and so on. This could all be countered, as well, though, and I might be leaving the scope of this premise and platform if I try for every imaginable threat scenario. Cheers. – jarctu Oct 13 '22 at 04:42
0

It seems inevitable, given the recent experiments with banning individual developers or entire projects.

I doubt Microsoft will ban bitcoin core maintainers or the project itself because it would affect its business. Bitcoin Core is among top 10 critical C++ open source projects. However, Microsoft has a history of controversies that indicate the influence of US government agencies in the way it works. So, banning bitcoin core or related developers is only possible if the US government takes such drastic measures at some point in the future, which is entirely possible.

This is more likely for the projects that are associated with mixing of cryptocurrencies.

In the event of GitHub banning Core maintainers or Core itself, where do developers gather to communicate and collaborate for reliable development and maintenance of Bitcoin?

  • Gitlab cannot be used as it was founded in Ukraine but moved to California later
  • Radicle uses git over p2p network, however bitcoin developers might not use it because of the token
  • There was some discussion to create a github clone over nostr, however nobody tried it yet and there are some issues with difference in signatures used by nostr and git. A few alternatives that were suggested: gitea and gogs

Related links:

https://github.com/bitcoin-core/bitcoin-devwiki/wiki/GitHub-alternatives-for-Bitcoin-Core

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1302