
There are no real winners in business.

Just people/products that are temporarily on top.

SourceForge was probably "the winner" for some time.

The same will be for GitHub.

Someone just needs to build an actual superior product and provide a service that GitHub will not provide. Then build a sufficient audience.

One such service is an end to end encrypted Git repo service.

Some anarchists I know don't want everyone to know what they are working on.

The same goes for algorithmic trading. I need strong guarantees that my code will not be used to train an LLM that will leak my edge.

I am shocked a superior Git service to GitHub has not been built.

I really liked source hut. But the custodian is a bit arrogant (crypto projects, for instance, are banned).



> One such service is an end to end encrypted Git repo service. Some anarchists I know don't want everyone to know what they are working on.

I doubt there is a big enough market of anarchists for Github to even bother worrying.

> One such service is an end to end encrypted Git repo service.

There are so few people that need this that they can just use client-side tools and store all data that gets to remote servers encrypted.


> I doubt there is a big enough market of anarchists for Github to even bother worrying.

A lot of people writing proprietary code bases would definitely use it.

I don't think a founder wants the startup's codebase to leak via an LLM?


A ton of proprietary code lives on GitHub, on closed paid repos. A lot of people reasonably think that GitHub's security chops are better than theirs.

But if you care, there is a whole gamut of on-prem solutions, from running bare cgit to fluff like Gitea and GitLab.

Lock up your central repo machine all you want, the code is still checked out to developers' laptops. For more security, don't allow that, and let your devs connect to a server with all necessary tools and access to the code, but without general internet access, for instance.


I don't think founders care if parts or the entirety of the codebase leaks, it's not that valuable.


It’s already feasible with Keybase (although I wouldn’t trust them any more, because of the Zoom debacle).


I wish something like Forgejo/Gitea had federated identities so that I could fork a project on the server you're hosting and submit a PR as easily as I can do that if you're hosting it on GitHub today. Everything you're asking for is available today in self-hosted services. I mean, consider that you don't even need a Git server. You can swap code with your pals via SSH/email/whatever right now, today, without the rest of the world even knowing about it.


> Everything you're asking for is available today in self-hosted services

There is a reason why people use hosted Git services: it's not practical for everyone to "self host".

We can run a self hosted Signal app for privacy. But it's neither convenient nor practical for everyone.


That's true, but if you have unusual requirements that make GitHub impractical, there are other options. Devs can update their origin to point at a shared SSH server and coordinate merges through email or Signal or anything else. I think that's a lot more practical than hoping GitHub adds something like end-to-end encryption, or worrying that they might train their LLMs against private code.


For an end to end encrypted git repo:

    git remote add origin ssh://user@host/srv/git/example

Where the host is simply an ssh server you have access to. Encrypt the server's drive itself however you see fit. This is how git is traditionally used btw. GitHub is a third party to the git ecosystem and really there’s little reason to use it for private repos. Just use ssh for the remote connection.


Generally people mean "E2E Encrypted" as "the hosting service cannot see it". Git-over-SSH does not achieve this, it just encrypts in transit.


> really there’s little reason to use it for private repos

Admin costs? I paid $7/month to GitHub for years for private repos (atm private repos are free so I switched to not paying when the card I was using acted up and I couldn't be bothered to fix it). I'm sure the time I would have spent admining an ssh based server would have cost more, even at 1 hour/month.


If your code does not want edge leak, why is it on GitHub?

Who trusts private repo off GitHub?

Simply store encrypted files somewhere like Dropbox or cloud storage solutions. (Encrypt before you upload.)
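
Added example, not written by any commenter in this thread: the "encrypt before you upload" approach from the comment above applied to a Git repository, so the storage host holds only ciphertext (unlike plain Git-over-SSH, which protects the data only in transit). It assumes `git` and GnuPG 2.x are installed; the function names, paths, file contents and passphrase file are constructed for the demo.

```shell
#!/bin/sh
# Added example: the storage host only ever receives a GPG-encrypted bundle.
# Paths, file contents and the passphrase file are constructed for the demo.

gpg_sym() {  # gpg_sym PASSFILE <gpg args...>: non-interactive symmetric gpg
    pf=$1; shift
    gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-file "$pf" "$@" 2>/dev/null
}

# seal_repo REPO OUT PASSFILE: bundle every ref, then encrypt locally.
seal_repo() {
    sd=$(mktemp -d) || return 1
    git -C "$1" bundle create "$sd/r.bundle" --all >/dev/null 2>&1 &&
        gpg_sym "$3" --symmetric --cipher-algo AES256 --output "$2" "$sd/r.bundle"
    rc=$?; rm -rf "$sd"; return "$rc"
}

# open_repo IN DEST PASSFILE: decrypt locally, then clone from the bundle.
open_repo() {
    od=$(mktemp -d) || return 1
    gpg_sym "$3" --decrypt --output "$od/r.bundle" "$1" &&
        git clone --quiet "$od/r.bundle" "$2" 2>/dev/null
    rc=$?; rm -rf "$od"; return "$rc"
}

# host_sees_plaintext FILE: true if Git bundle markers are readable in FILE.
host_sees_plaintext() {
    grep -a -q -e 'git bundle' -e 'refs/heads' "$1"
}

# demo: build a throwaway repo and run the full round trip.
demo() {
    w=$(mktemp -d) || return 1
    GNUPGHOME="$w/gnupg"; export GNUPGHOME; mkdir -m 700 "$GNUPGHOME"
    git init --quiet "$w/src" &&
    echo 'edge = 0.42' > "$w/src/strategy.py" &&
    git -C "$w/src" add strategy.py &&
    git -C "$w/src" -c user.name=demo -c user.email=demo@example.invalid \
        commit --quiet -m initial &&
    head -c 32 /dev/urandom | base64 > "$w/pass" &&
    seal_repo "$w/src" "$w/upload.gpg" "$w/pass" &&
    ! host_sees_plaintext "$w/upload.gpg" &&
    open_repo "$w/upload.gpg" "$w/copy" "$w/pass" &&
    cmp -s "$w/src/strategy.py" "$w/copy/strategy.py"
    rc=$?; rm -rf "$w"; return "$rc"
}

demo && echo "round trip ok: host copy is ciphertext only"
```

The whole bundle is re-uploaded on every change, and the host still learns the file's size and when it is updated.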


Plenty of large companies. The risk is much higher that an individual's computer gets compromised, which often has a lot worse than just source code.


It won't be another git service that replaces github. It will be something completely out of left field that replaces git and that method of code collaboration. There are only incremental improvements to be made to git. It will take a brand new hotness with a brand new way of doing things that shakes things up.


> Someone just needs to build an actual superior product and provide a service that [...] will not provide. Then build a sufficient audience.

I wish this was true for social media and instant messaging platforms, operating systems...


It's extremely difficult to unseat the leader with a superior product alone. Once sufficient traction is established, people will flock to where everyone else is, further cementing their position. It also requires monumental fumbles by the leader to actively push people away from the platform. Unfortunately for those who don't like GitHub, it's run by a company with limitless resources to pour into it, or to flat-out buy out its competition. Microsoft has a lot of experience with this.

> I really liked source hut.

Sourcehut never has been and likely never will be a serious competitor. Its UX and goals are entirely different, and it's directed towards a very niche audience unlike GH.



