An anonymous user has released the source code of GitHub, the popular code-sharing website.
The GitHub source code has been committed by the anonymous user to the DMCA repository on GitHub and posting as the CEO of GitHub, Nat Friedman by exploiting a bug/hack in GitHub or Git software.
The popular code-sharing website now owned by Microsoft is a popular place amongst the open-source community to share code and collaborate on open-source software.
All most all the top silicon valley companies such as Facebook, Google, Apple, all use GitHub to share their open-source projects. Even some of the most popular frameworks such as react, Vue are all hosted on GitHub.
GitHub is still a closed source application
Even though thousands of open-source projects use GitHub to share their code, the GitHub platform itself is a closed-sourced application. However, it’s the popular belief that the majority of GitHub was written using Ruby.
The commit has since been removed by GitHub and no longer accessible. However, the commit is still accessible on WebArchive, and at the time of writing, the source code can still be downloaded from WebArchive.
The commit message says, “felt cute, might put gh source code on dmca repo now idk”.
Even though some FOSS supporters argue that GitHub should open-source their code, some argue that there is no value in open-sourcing GitHub. Since there are platforms such as GitLab already exist that provide almost similar functionality to GitHub and are open source.
It’s not a hack, your data is likely to be safe
According to the CEO of GitHub, the leak is not due to a hack, but GitHub has accidentally sent the source-code to its GitHub enterprise edition to some customers. That is the likely source of the leak.
“GitHub hasn’t been hacked. We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. As others have pointed out, much of GitHub is written in Ruby.”
Nat Friedman CEO of GitHub
However, whether a malicious parties can exploit a vulnerability by using the source code is something yet to be see, and the hack or bug used by the leaker to pose as the CEO of GitHub is also yet to be figured out.
