Well this prevents my plan of "I'm never gonna die because I have to maintain this OSS project".
In the spirit of other legacy / succession features, is there an opposite option to prefer the account vanishes from the platform entirely?
This also reminds me of Debian WNPP listing where you can see requests of succession because of age/health/disinterest/etc. https://www.debian.org/devel/wnpp/
> In the spirit of other legacy / succession features, is there an opposite option to prefer the account vanishes from the platform entirely?
Earlier this year maintainer of MIT licensed zinit* somewhat disappeared from the internet. Issues weren't being addressed/replied to etc. This of course is fine, they're not expected to provide support or continue maintaining the project if they don't want to. However, in the past few months, the maintainer decided to remove all repos and organisations relating to zinit, causing everyone's profiles to suddenly stop working. People weren't able to initialise their dot files on a new machines. There was no backups nothing. I happened to do update my dot files to the latest version of all the plugins hours after the deletion of the repos, and my whole profile completely broke. I sat there for a good few hours trying to recover. Luckily git is graceful.
Unless there's a method to archive your public OSS repos, removing your profile means all your code will be gone too. At best that's an inconvenience to hobbyists, and at worst, it can break production systems.
In the case of zinit, luckily the community came together and were able to scrape back the latest code based on the local git repos of individuals. I think there are still some repos that have to be recovered.
* zinit is a zsh profile manager, allows for managing binaries, plugins, and other things.
I assume you don't mean these production systems are depending on reliable access to code in a third-party Github repo because that's fairly easily remedied by at least forking the repo once that repo becomes a dependency (not to mention potentially very dangerous in case of malicious changes), but I'm curious what the scenario you're referring to here is.
I assume you don't mean these production systems are depending on reliable access to code in a third-party Github repo
When are people going to stop feigning surprise at this? Being completely unable to deploy a new server just because pypi/npm/github etc. is down has been best practice and standard operating procedure for years now.
Keeping a complete audited mirror of everything needed to deploy your product and only pulling code for production from machines you have complete control over is so 2005.
The same happened to me and I decided to switch to antibody for plugin management. I no longer trust the maintainer as a viable option after what the author said on an earlier thread:
"I'm the projects' owner and I can delete them anytime I want. And that just happened – I've had some say major doubts whether I want the time-consuming projects to go on, so I've deleted them"
I didnt know that the community took up maintenance though. I will have to check it out.
It's not really the responsibility of solo OSS repo owners to resolve this.
It's likely no-one paid us for the code, we did it for a variety of reasons (itch to scratch, thought it was cool, intellectual interest, etc) but few to none of those reasons was to create an ongoing responsibility over the code.
For my repos, I chose a permissive licence... either MIT, BSD 3 clause, or even AGPL. You can fork away to your hearts content, and I don't have to be involved in that so long as you respect the licence it came under.
This does mean that if you are one of the tens of thousands of projects that imported code I wrote (or downstream from that the hundreds of thousands of websites that use those projects)... then yeah, you've got to fork and update your references, etc. And I am 100% OK with others (even a huge number of people) having to do such a piece of work... because no-one paid me to be responsible for the code I gave to everyone else.
This likely comes off as harsh, but I maintain a few repos that are widely used and the only way to make this enjoyable is to not accept the responsibility for things that I don't have to accept. I wrote the code, you can use the code, whilst I'm alive and using the code I'll maintain the code... but otherwise the licenses make you responsible for your own use of the code, I am not obligated to do more than I've done. The code can freeze in time and fade away, if others care then they can step up... if they care now, they can become co-maintainers or they can pay for the code so I choose to take responsibility for continuity.
I agree in general, but doing something like adding the project to https://www.codeshelter.co/ so someone else can pick it up if you're no longer interested in it doesn't seem like such a huge hassle, no?
I definitely agree that we shouldn't demand things from maintainers, though.
Sadly, the scenario that the successor feature is intended to prevent has very much become reality in the past. The creator of Luacheck (Peter Melnichenko) passed away a couple of years ago, and ever since then the GitHub repository has been in a state of limbo. Multiple unofficial forks have come and gone, but Peter's is still the first result on Google if you search "luacheck". It isn't even possible to change the README or pin an issue to get people's attention about the primary fork; to this day people are still posting issues to the old repo.
And Luacheck is "the" Lua static analysis tool that pretty much everyone uses, so it's a very significant problem.
I find it weird that they use so many euphemisms for death when its the main motivation for the feature here. Is it really that uncomfortable for some?
When I interviewed at GitHub, I had to answer some questions to determine how inclusive I really am. Microsoft is very big on this new type of culture.
Github/Microsoft also immediately jumped at the PR opportunity to be among first companies to tone-police things like master/slave, whitelist/blacklist etc.
Always funny when organizations paint themselves as do-gooders and people even applaud them for it. While in reality Both MS and Github have contracts with ICE, there is JEDI, HoloLens, AnyVision, ... The tone-policing and pandering to the woke mob / cancel culture, is just to distract from the actual disgusting things they do. The Wikipedia entry on FUD makes for an interesting read in corporate propaganda.
It's kind of amazing the way woke culture got contorted so much compared to its radicalized origins and how it achieved widespread notoriety only after morphing into some sort of language policing movement with a nullified political impact.
There seems to be a concentrated effort to de-politicize the economy and to de-economize politics. The left used to be all about things that impacted the bottom line of capitalists such as maximizing worker's rights and leverage. Now it's about gender identity and tone policing.
> to distract from the actual disgusting things they do.
I dislike war and all its horrors as well, but curious, what do you think would happen if a 'magic' event occurred and the US decommissioned its military presence and all advanced technology, command center software etc.. (MSFT/PLTR/etc) ? Surely no other country would abuse this in the next 100 years right? right?
> I dislike war and all its horrors as well, but ...
> Surely no other country ...
I'm not anti-American. I'm anti-unchecked-capitalism. But I understand to most Americans that's tomato tomato potato potato.
Corporations need to be stripped of their rights so the result (tax law) looks closer to what existed in the 60's so they have enough cash to educate their citizens on basic common sense. A country that spends trillions on Pentagon and defense but is unable to provide basic healthcare, min. wage, 30 days paid vacation for every employee is simply a backward land of hillbillies and trailer park trash. No country hates their poor as much as Americans.
For sure it's profitable keeping most citizens dumb and below the poverty line, but it's unhealthy. And it also violates all laws of human decency. Especially when they're also in the business of tone-policing the rest of the world and exporting their "values" with foreign policies.
I really want the US to be a role-model because the world needs one. But bloody hell they should try a little harder and start treating their own people like people.
Understand that most Americans who oppose this don't hate their fellow citizens; they see their government as an unwieldy monster bigger than any corporation, and they just want to put on the brakes.
Is talking about death not inclusive? I would have thought it was about as inclusive as one could get seeing as it is a life experience that applies to literally everyone.
The whole inclusion also includes providing safe space, which I noticed means to basically act like there is only good things. So if you mention death in a different context it could trigger someone who recently lost someone, for example.
Personally, I am not a fan of this, but this is how I understand this.
I understand that, but do you really think that it helps you cope and move on over time if you just avoid the word death forever?
When I lost my dog it was devastating to see other dogs. But it really helped me move on to just expose myself to more dogs and eventually even get a new one.
Interesting. The thought of death calms my anxiety because I know* that if I die then all my worries will be taken away, and nothing will really matter anymore. It's the prospect of an unhappy or difficult life that worry me.
> to manage your user owned repositories if you cannot
At first I was thinking this was more general, like say you got trapped in Afghanistan with no internet and nothing but a phone line, you could direct your successor to take over your project. But then the process clearly states you have to submit a death certificate.
I agree with gp: why the obscure language. Why not just "in the unfortunate event of your death blah blah blah"?
Actually the trapped without internet thing makes me think. Why not do some sort of dead-man-switch? I.e. when you haven't committed (or been online) in X months the project is transferred to your successor.
People have different sensitivities to the subject of mortality and death, I guess.
I grew in a European catholic majority country and I can say death is much more of a taboo and a Bad Subject to discuss in general (at least compared to protestant majority countries).
I've been seeing this a lot recently as my father died before Christmas. I think it's also down to people trying to be sensitive too - back when he was in the hospital I had many calls from doctors and nurses and there was a wide range of words and phrases used to talk about how long he had left, the possibility of death etc. It's the same too now that I'm dealing with closing down all of his accounts.
Death, especially in the USA, seems to be fraught with propriety pitfalls when speaking about it with strangers.
I'm not so sure why. It could be the general American cultural tendency toward heavy euphemism.
Naturally, any GitHub announcement is going to be run past world-class PR staff abiding by Microsoft corporate policies (that is, burn no bridges, offend no one, take no unnecessary risks with the brand). Microsoft is a US company with primarily US decisionmakers.
a squared plus b squared equals fearful, bland, and circumloquacious.
Because a lot of "weird" cultural norms in the US are based on its roots of puritanism.
> At the same time, the Puritans regarded death as God's punishment for human sinfulness and on their deathbeds many New Englanders trembled with fear that they might suffer eternal damnation in Hell.
Total plug here, but please don't wait until you die to allow others to maintain the projects you've lost interest in. I'd encourage you to take five seconds and add them to the Code Shelter (https://www.codeshelter.co/).
Is this really necessary? Can't other maintainers simply fork the project and start working on it? People will eventually realize the fork is the only version that's still active and it will become the canonical version.
ZBar is an example of this. Nowadays it is maintained by Mauro Carvalho Chehab, a Linux kernel developer. Found out about this fork because it's the source of my Linux distribution's zbar package. Ended up contributing some code to it.
Well, you ask "is this really necessary?" and then go on to say "people work around it by doing a bunch of work", so I think that's the answer to your question.
Is there a way to combine this with the OP, and designate Code Shelter itself as a successor for GitHub projects?
That would be useful as a way to ensure future maintenance of projects that are currently still actively maintained. Designating a volunteer org like this as a successor makes more sense to me than picking a random individual.
It's not very well-supported (given that I heard about this feature today), but you can invite https://github.com/CodeShelterBot to be your successor and I can add the projects to the Shelter manually through it.
I think this opens another Pandora's box of fake posts from nominated accounts.
Someone nominated their spouse, they are splitting and the spouse makes a fake demise post. Can legit get people to panic if the person in question is famous enough.
Also, if you are careful with your accounts (random 30 character length passwords, 2FA etc) and your nominated successor has not, that's an additional attack vector.
Personal anecdote: The LinkedIn thing happened to me. My skip level manager died in a freak accident (He was 44-45 yrs old at that time) and I noticed his profile until as recently as about a year ago. It still showed him employed at the company. I am sure people got "Congratulate <person> for completing his 5th year at <company>" while his profile was around.
His profile has now been deleted. Not sure who did it or how it happened.
For me, LinkedIn seems the best channel to reach out to my network for something like this. I am not on Facebook and I don't think many people pay attention to obituarys in newspapers any more. But I think I have a plan now. I will put the instructions in an envelope and include the password plus the 2FA reserve code with it. I will put the envelope in a place in my home and let my sucessor know about it through an online service I have found and trust.
Or if the earth gets hit by an asteroid? How do you take care about your various online accounts then?
I would just pass a note to my relatives with my passwords and they then may delete accounts, or not. I rather care about my real life to be honest, and not my virtual legacy.
I live in Sweden but I found several options offered by funeral homes/ undertaker associations. They are usually called "The White Archive" (but in Swedish) and were free as well.
Does this only apply to dying? "if you cannot" implies that it could relate to other states of permanent incapacity (my dad has late stage dementia with no personal capacity, so this issue is front of mind for me) but then it goes on about needing a death certificate, etc. A power of attorney or similar would also seem appropriate for taking over this role.
"or presenting an obituary then waiting for 21 days" this part feels a little loose to me. Say you have a falling out with someone and forget to remove them as a successor, this could be socially engineered.
Many what-ifs in your statement. you add them, you fall out, you forget to remove them, they socially engineer an obituary, you some how don’t respond in 21 days?
From personal experience people tend to forget things. I think we'll see a front page hackernews article about a "stolen" repo with this method at some point in the future.
At least in the US, the legal repercussions for faking someone else's death should hopefully deter anyone who would go this particular route in order to take over a repository. Other countries may present a challenge.
I'm a big fan of this feature, but I do think GitHub would do well to institute a "real name"/identity policy for successors. That won't be infallible either, but it's another hurdle for a would-be fraudster to climb over.
> Once we have received your request, we may follow up with a request for additional information, such as a copy of your photo identification, copy of the death certificate, and documentation confirming you are authorized to act in relation to the deceased user’s account, to verify that we are properly authorized to process your request.
Agreed, or in what will be a more likely case, someone who you have designated as a successor has their account compromised. Then, the attacker escalates that into an attack on your repositories. The 21-day countdown would still be a deterrent, but as an attacker it would be worthwhile to try this on every account you have successor access to and see if perhaps someone doesn't check their email.
Obituaries seem hard to link to a specific individual. Step 1, find a repo managed by someone with a common name (eg, Jane Smith). Step 2 wait for anyone in the world with that name to die. Step 3 wait for them to go on a long break and present the obit to GitHub for access.
Good point, I missed that pet and I think prevents the whole scenario I wrote. So it seems safe given that people aren’t likely to appoint randos their successor.
I have PoA for my father, and am the executor of his trust once he passes- in the hypothetical scenario where he had a github presence (he doesn't) would a death certificate plus copies of the trust, PoA, etc be sufficient for me to gain successor status if he never named me?
Could I gain it with only PoA (for property and/or medical)?
If I can see the code and clone the repo then regardless of whether Github allows me to automatically fork it, I can fork it myself just be adding another remote.
Might be nice to allow a private repo to be made public by a successor. Successor could always clone to a public repo or somesuch, but it might be clearer if it was a github allowed pathway.
I support the idea - but what is the typical use-case?
From what I see, people stop maintaining projects WELL before their death.
(With a few exception of really unexpected deaths at a young age - theirs and their project's.)
At the same time, for open-source project, one can fork them. Under a different leadership, the project usually changes a but.
You hit the nail on the head but also missed it too - unexpected deaths can occur at any age, so it's not impossible that this could happen to the owner of an extremely popular repo.
You can definitely fork the project, but there's more continuity if the existing project can be transferred to a different owner, or a notice added to the readme pointing the reader to the forked project. What about the deceased's private repos (which may or may not be important), or their account in general?
This is all quite fresh in my mind as I'm currently working through closing all my father's accounts down after he died recently, and social media accounts are much more difficult to deal with in some ways than utilities, insurances etc.
Who is GitHub’s successor? This is a nice feature and conveys lots of info about individuals if revealed. It would be neat to see it on org accounts and for companies. It GitHub explicitly named that everything goes to somewhere (eg, sr.ht) when they croak as a corporation.
I managed to get some IP when a startup I worked for shut down by staying until I was the last “employee” keeping the lights on. By then, I was a contractor though, and part of the contract was getting certain IP I wanted. It’s just sitting in a private repo and maybe someday I’ll get around to open sourcing it.
This is weird, because it requires actively planning for your death (which some people do, of course, but most do not), and also because it does nothing that can't be done by just cloning repos.
> because it requires actively planning for your death (which some people do, of course, but most do not),
It is a thing everybody should do, though. Starting with a patient's provision stating which effort should be taken to keep you alive to a last will which should include not only statements about your property, but also includes requests on what to do with your body.
Having that clearly written down, takes away a lot of problems from your relatives, who otherwise have to take many decisions in short time.
In the spirit of other legacy / succession features, is there an opposite option to prefer the account vanishes from the platform entirely?
This also reminds me of Debian WNPP listing where you can see requests of succession because of age/health/disinterest/etc. https://www.debian.org/devel/wnpp/