Git is decentralised-by-design source control management. It is meant to be self-hosted and self-controlled. These are important properties inherent in all free and libre software. If you have a copy, you have the right to that copy. Not like when you purchase a compact disc with music, when you might own the piece of processed plastic and aluminum but not the content stored on it.
GitHub, on the other hand, is centralised. It runs proprietary source code on the back-end. Users may not copy GitHub in order to run it on their own infrastructure. If GitHub has an outage, every single user has to suffer through it all the same. If GitHub gets hacked, every single user on the disservice gets hacked. If GitHub goes bankrupt? Well, then every single user on that platform loses. As well as all the users of software hosted on GitHub.
Decentralisation is an integral part of a software project I’m involved with, GNU social, for which we use git for version control and development. We might as well have used something like Mercurial, but for all our intents and purposes they are equivalent. Both mainline implementations of Mercurial and Git are free, libre software and they both let developers work independently and then merge the differences in a relatively seamless manner. It just so happens that git was the choice of the StatusNet developers and we’ve kept using it. But the mainline repository has always been hosted along with issue tracking using libre software.
But developers, even FLOSS developers, seem to flock to GitHub. Developer-related websites with OAuth-enabled logins centralise to GitHub (instead of something truly federated like OpenID 1.0). Projects, even large-scale free software projects, leave self-hosting to instead embed themselves in the fabric of centralised, proprietary vendor lock-in. Python has decided to move to GitHub for example (leaving Mercurial for source control, but keeping their own issue tracking) – essentially with the argument “everyone is there and other alternatives didn’t have killer features” (forgetting that software freedom is the biggest feature of all!).
Now, you may argue, git is still decentralised. Absolutely, when GitHub goes badonkers and either starts with advertisement (as all proprietary gratis services seem to) you can just move the repository since you’ll still have your local copy (Right? You’re not working with some cloud-based service without keeping a local copy? RIGHT?!). I just don’t personally want to find myself trying to change all the URLs everywhere, trying to communicate to all developers and users how to find new copies and set up a new issue tracking system and move all the issues and all the accounts and all the other things I can’t even think of.
But the worst case scenario of lock-in is that people become used to it. GitHub will undoubtedly start doing something annoying. Maybe it’s not third-party advertisement, maybe it’s something more subtle. Maybe less subtle, like blastering some repositories’ administrator e-mail inboxes with “upgrade plans” or other things that can’t be clicked away. Maybe they’ll undevelop their API and require you to use their website instead of a desktop client – unless it’s their desktop client. And when this happens, and repository owners get annoyed, they can’t channel their contributors to other sites because “that’s too much work” (for both sides of the situation). Because “everyone” are on GitHub.
But at least I’m not anymore.