This kind of migration is apparently easier than it sounds.

Honestly, it took much longer than I expected. Now you know that GitHub has really become a conduit for Microsoft's AI initiatives.

Another example of attack vectors emerging with adding more and more LLM agents in the development process.

Definitely an interesting tool. GitHub Actions workflow aren't easy to setup while ensuring they're secure, having a tool analyzing them for issues can only help.

Basically the wording allows them to feed whatever system they want with your code... even in private repositories.

Nice to see there are still people out there keeping in mind the "let's not put all our eggs in the same basket". This is especially important for systems with such vendor lock-in as GitHub. I'm a bit less convinced about replacing Git itself for now.

Good reasons to leave indeed. Better host your projects somewhere else.

Early days for this type of research so a couple of limitations to keep in mind while reading this paper. Most notably: rather small sample explored (it's a qualitative study) and tends to conflate GitHub with "the Open Source community". The later especially matters since the vibe can be very different outside of GitHub.
That being said, very interesting findings in there. Some validate my experience with GitHub. It's clear that compared to other spaces there's much more entitlement behavior from some people. Interestingly the words seem on average less violent (although it does happen of course) than in other platforms... still this is important to keep in check since it could have implication toward prospective contributors.
The last point in their discussion section is promising. Some of the current manual interventions from maintainers seem to have good results (encouraging) and it seems possible to at least semi-automate the handling of toxic comments which could help with maintainers well-being.

Definitely agree with this, Github benefited from a powerful network effect and now a good chunk of important projects are "trapped" there. This can't be good long term.

Interesting reverse engineering job of Copilot's client side to have a better idea at which information it actually feeds to the model. A couple of funny tricks to prepare the prompt are involved. Obviously some telemetry involved as well, again with interesting heuristics to try to figure out if the user kept the suggestion or not.

Alright, this going to be interesting. Pass me the pop corn. It's definitely a welcome move in any case.

Indeed, this is going to be "interesting" in educational situations... I guess that'll at least push into richer assignments.

Very interesting thought experiment around Copilot's legality. I'd love to see that happen and see what the outcome would be.

There's really a problem with GitHub overall... and the Copilot move is definitely worrying. Not Copilot by itself really but how they just don't want to tackle the questions it raises.

I don't like GitHub Actions much if at all. Still, this is a nice curated list which can come in handy when having to work with it.

I think this is the best analysis about GitHub Copilot so far. Clearly using it in production today carries lots of risks. It might improve in the future but only marginally and likely with quite some effort. Not sure it'll pass the threshold to be anything else than a funny toy.

Yes, the permission model of GitHub gives me the creeps as well... A couple of the examples given in there are really problematic and need to be addressed. This is even more important seeing the amount of stuff hosted on GitHub nowadays.