[Request] Move from github

[jackffmm]

github will require phone number to login, soon. So this with the other reasons, should make you consider move from github to gitlab or codeberg, or similar.

[Gojkira]

Requiring 2FA and requiring a phone number are two very different things.

[jackffmm]

Requiring 2FA and requiring a phone number are two very different things.

I dont remember the exact words on the warning... i think it require phone number... but if u know more why dont u share ?

[lainedfles]

Requiring 2FA and requiring a phone number are two very different things.

I dont remember the exact words on the warning... i think it require phone number... but if u know more why dont u share ?

The fact that GitHub has been owned by microsoft since 2018 is enough justification to consider migration elsewhere.

@jackffmm I'd wager that @Gojkira is correct in the assumption that the warning you've encountered is due to the recent rollout of 2FA enforcement directed to code contributors:

Note: Starting in March 2023 and through the end of 2023, GitHub will gradually begin to require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA). If you are in an eligible group, you will receive a notification email when that group is selected for enrollment, marking the beginning of a 45-day 2FA enrollment period, and you will see banners asking you to enroll in 2FA on GitHub.com. If you don't receive a notification, then you are not part of a group required to enable 2FA, though we strongly recommend it.

For more information about the 2FA enrollment rollout, see this blog post.

Especially pertinent citation from the linked blog post:

You can choose between TOTP, SMS, security keys, or GitHub Mobile as your preferred 2FA method. We strongly recommend the use of security keys and TOTPs wherever possible. SMS-based 2FA does not provide the same level of protection, and it is no longer recommended under NIST 800-63B.

A phone number is not required nor is it recommended. If you're leery to mix your GitHub communication with your phone, there are open-source alternatives that function on the desktop. Here is one: https://gitlab.gnome.org/World/Authenticator

If you've been selected for enforcement, I believe that there should be an accompanying email somewhere that may confirm your suspicion. Otherwise there doesn't seem to be any evidence to support the supposition that a phone number will be required in the future.

[jackffmm]

@lainedfles owned by microsoft, and dont forget that you are training theyr AI, so u r making skynet.

totp, security keys, gh mobile ? look like the other option are worse @Gojkira .

thanks for the info lained.

[RokeJulianLockhart]

I don't care about privacy and whatnot, I just support this because I seriously prefer GitLab. I find it's significantly more powerful and versatile.

[Gojkira]

The fact that GitHub has been owned by microsoft since 2018 is enough justification to consider migration elsewhere.

This is true. It should also be noted that Gitlab has gotten a significant amount of funding from Google (https://techcrunch.com/2017/10/09/gitlab-raises-20m-series-c-round-led-by-gv). Five years later and I don't see either Github or Gitlab being negatively affected by their ownership/sources of funding so I think people may be overemphasising these points.

totp, security keys, gh mobile ? look like the other option are worse @Gojkira .

I'm not sure how you can interpret that TOTP and security keys are both worse than SMS 2FA for either privacy or security,

[jackffmm]

true, i dont gitlab neither but better than gh. there is a number of big tech logos on the home page.