zlacker

[parent] [thread] 10 comments
1. sokolo+(OP)[view] [source] 2024-01-18 18:55:20
At the risk of asking a dumb question, what does a git push do for you there? (Fully agree on the clone locally point.)
replies(3): >>pc86+L >>jeroen+r3 >>nostra+X3
2. pc86+L[view] [source] 2024-01-18 18:58:50
>>sokolo+(OP)
Not the GP but at that point it's available and more discoverable for at least a little while longer for others (and no guarantee you'd get hit with a takedown as well).
replies(2): >>sokolo+91 >>hoover+Vu
◧◩
3. sokolo+91[view] [source] [discussion] 2024-01-18 19:00:54
>>pc86+L
Thank you! I was considering a different/lesser form of "keep it privately available" (as I suspected that keeping it widely/anonymously publicly available was never going to work.)
4. jeroen+r3[view] [source] 2024-01-18 19:13:00
>>sokolo+(OP)
If Github doesn't realise you forked the project, it doesn't appear in the list of forks, which a lot of companies use when sending an actual DMCA notice to Github.

I'm not sure what you'd need to do to disconnect your fork, but clicking the "fork" button will often get your repo automatically taken down if the parent repository gets DMCA'd.

If the commit history is different (say, because you rebased the project onto a slightly different initial state), Github won't auto-detect the fork as easily, so the lawyers would need to find your project and include it in their takedown notice.

replies(1): >>sokolo+YT
5. nostra+X3[view] [source] 2024-01-18 19:14:52
>>sokolo+(OP)
It's not marked as a fork in their systems. Instead, it's as if you'd written a bunch of code in a local repository and then pushed it to GitHub.

It could still be identified as the same codebase by eg. comparing commit hashes or content hashes, but that's harder. If you really want to be sure, clone the repository, make a few local edits to files (eg. adding a comment to each file), copy the full source repository to a new directory in the filesystem, git init that as a new repository, commit changes, and push. That blows away all the existing history of commits, and ensures that each file has a different hash. It's still technically possible to detect it as a dupe, but would require an extremely expensive shingling or filesystem diff on every repository in GitHub.

replies(2): >>aaomid+Bi >>penter+dm3
◧◩
6. aaomid+Bi[view] [source] [discussion] 2024-01-18 20:24:26
>>nostra+X3
Find the first commit and overwrite it :P
replies(2): >>bspamm+4q >>xeroma+sS
◧◩◪
7. bspamm+4q[view] [source] [discussion] 2024-01-18 20:58:29
>>aaomid+Bi
That could still be fairly easily detected by looking at the tree and blob ids.
◧◩
8. hoover+Vu[view] [source] [discussion] 2024-01-18 21:19:42
>>pc86+L
Don't rely on GH alone. Save a local copy. Host it somewhere that isn't so centralized and discoverable. One upside of increasing centralization is that people who you don't want finding things are awful at finding said things that exist outside it.
◧◩◪
9. xeroma+sS[view] [source] [discussion] 2024-01-18 23:21:23
>>aaomid+Bi
I never use squash but couldn't you squash all the commits into a new one for a new history?
◧◩
10. sokolo+YT[view] [source] [discussion] 2024-01-18 23:31:37
>>jeroen+r3
When I read ‘git clone’, I assumed “on the command line of a machine you control, run git clone” not “use GitHub’s repo fork web interface action”.
◧◩
11. penter+dm3[view] [source] [discussion] 2024-01-19 18:10:04
>>nostra+X3
> It's still technically possible to detect it as a dupe, but would require an extremely expensive shingling or filesystem diff on every repository in GitHub.

Wouldn't a GitHub search still find it pretty easily? As I understand it, they put significant effort into supporting search; but since that's being done anyway, it doesn't have a very high marginal cost.

[go to top]