The GitHub Blog

GitHub Pages will upgrade to Jekyll 3.2 on August 23rd.

The upgrade to Jekyll 3.2 comes with over 100 improvements including the introduction of themes, meaning that soon, you'll be able to create a beautiful site in minutes by simply adding theme: my-awesome-theme to your site's config, without needing to copy styles or templates into your site's repository.

This should be a seamless transition for all GitHub Pages users, but if you have a particularly complex Jekyll site, we recommend building your site locally with the latest version of Jekyll 3.2.x prior to August 23rd to ensure your site continues to build as expected.

For more information, see the Jekyll changelog and if you have any questions, we encourage you to get in touch with us.

You can now search for wiki pages from either the main search page, or within a repository. Quickly discover how to use the exec command of your Redis client, or find that one page which mentioned how Guard interacts with Vim.

Check out the GitHub Help documentation for more information on how to search wiki pages, including ways to improve your results.

Universe is three full days of featured community speakers, in-depth product training, keynotes from GitHub leadership, and breakout sessions led by experts from across the industry. You'll hear from the GitHub product and engineering teams about what's new and get an inside look at how we're building GitHub.

Hear from both GitHub CEO Chris Wanstrath and VP of Social Impact Nicole Sanchez in their opening keynotes each day, as well as breakout sessions featuring the GitHub team on topics like:

Atom and Electron
GitHub Enterprise
Community and Safety
GitHub tips and tricks and the GitHub flow

Check out the full lineup of GitHub speakers.

Training Day

Before the conference begins, you can participate in comprehensive and in-depth learning from GitHub's Professional Services team. For an additional $100, you can register for sessions like:

Getting Started with Innersourcing
Git Cozy: Gaining Confidence via Visualizations
Getting Started with ChatOps

See all the training session details and then grab a ticket.

Send your whole team to Universe

Want to send your whole team to GitHub Universe to level up their skills and trade knowledge with GitHub engineers and trainers? If you buy 4 or more tickets, you'll get $99 off each registration. We'll see you at Pier 70 on September 14!

A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for teams to protect their projects and definitively know who authored a commit. The release also includes several API previews to help you create integrations that enforce customized policies and fit your workflows.

Continuing the effort to make collaboration seamless, GitHub Enterprise 2.7 adds new tools for developers, designers, product managers, and team leads to work together and communicate. Updates include the ability to assign multiple people to an issue, reorder task lists, and labels to indicate whether an issue or pull request comment has been edited.

Ready to upgrade? Download GitHub Enterprise 2.7.

Know that code comes from a verified source

When building software with a large or distributed team, it's important to validate that commits and tags are coming from an identified source. Now you can definitively know who authored code or pushed a change to production with GPG signature verification.

When you view a signed commit or tag, you can see a badge indicating if the signature can be verified using any of the contributor's GPG keys uploaded to your GitHub Enterprise appliance. This makes it easy to see if a signature is from a verified key that GitHub trusts. To learn more about how to generate a GPG key and start signing your work, check out our documentation on GPG.

Fine tune the way you work

You know your workflow best. To help you work the way you want to, this update includes a series of significant API updates that allow you to further customize GitHub Enterprise, build integrations, and use automation to enforce policies. Check out the documentation for the pre-receive hooks API, protected branches API, reactions API, locking and unlocking issues via the API, and squashing pull requests in the API.

The release also adds ways for you to streamline your development process:

Make it a group effort. Assign multiple users to tasks, adding up to 10 people to a given issue or pull request.
Easily prioritize task lists without editing markdown. Drag and drop checklist items to position them higher or lower in a list.
Know when comments have been edited. When you or your coworker makes an edit, you'll see an "edited" badge in the comment header.

Upgrade today

Upgrade today so you and your team can start using GPG signature verification and keep improving the way you work. You can also check out the release notes to see what else is new or enable update checks to automatically check for the latest releases of GitHub Enterprise.

To learn more about GitHub Enterprise 2.7 and the future of software, come to GitHub Universe on September 13-15.

Organization owners are able to reinstate members that have been removed from an organization.

Reinstating a member will restore organization and team memberships, forks of private repositories, issue assignments, repository subscriptions, repository stars, and custom email routing settings.

You can reinstate a former member by inviting them through the standard organization invitation flow.

Restored members will receive an email inviting them back to the organization, and their previous settings will be reinstated.

In May, 600 developers converged in Amsterdam for GitHub Satellite, the first-ever international conference in the GitHub Universe event series.

GitHub CEO Chris Wanstrath began the day by sharing some new developments from around the GitHub Universe, including the announcement of unlimited free private repositories, as well as the launch of Electron 1.0.

We then broke into our Discover and Develop tracks to get expert advice from engineers, founders, activists, and more on how to create impactful technologies. Among those who shared their stories were developers from gov.uk, SAP, Spotify, and IBM.

The videos from GitHub Satellite are now available for you to watch online anytime. To get a feel for what GitHub Satellite is all about, check out our wrap video below, featuring GitHub's VP of Social Impact, Nicole Sanchez.

If you like what you see in these videos, make sure to grab a ticket for GitHub Universe. We're returning to San Francisco's Dogpatch neighborhood for three tracks of excellent sessions, as well as trainings and workshops, so prepare for launch.

GitHub Universe is more than just a conference or a festival, although it feels like both. On September 13-15, you can experience advanced trainings, deep-dives on open source projects, keynotes from industry experts, and a look into successful software teams, all in beautiful surroundings and with excellent company.

As July draws to a close, so does your opportunity to grab an early bird ticket to Universe. Make sure you get yours before this Sunday, July 31, when the price will increase from $399 to $599.

You also only have six more days to submit a proposal to the call for speakers; don’t miss out on sharing your story with the largest software community in the world. Check out some helpful tips and tricks from CodeConf alum E Dunham to get the gears turning upstairs.

This is not a drill! Get registered and get ready for GitHub Universe.

Organization owners can send an email invitation to invite members, billing managers, and owners to their organization.

This helps organization administrators invite members without a GitHub account or with unknown usernames.

Newly invited members will receive an email asking them to join the organization. If they don't have a GitHub account yet, they will be prompted to sign up for one and guided through the signup process.

The GitHub Universe 2016 call for proposals is open until July 31st, and we're looking for 24 speakers to share their ideas in breakout sessions on September 14-15th. We encourage speakers with all levels of experience to apply, whether it's your first talk or your fiftieth.

We believe that having a diverse group of speakers fosters a healthy community, stimulates conversation, and exposes fresh ideas. So we're looking for speakers from different backgrounds, communities, and experiences. To make Universe accessible to a wide range of speakers, we provide an honorarium and travel accommodations to speakers. You can see all the details in the CFP description.

What we're looking for

The 24 breakout sessions will explore a number of the personal and technical challenges involved in building software. We’re looking for sessions that examine the entire software development process: from before you start writing code, to writing and collaborating on code, through maintaining and scaling your code.

Whether you’re working on an open source project or on an enterprise software team (or both!), we all face similar challenges and we can learn how to overcome them together. You should submit a proposal if you want to share your experiences with:

Workflow. How is software built today, and how will it be built tomorrow? What languages and tools are used, what processes, and what cultures? What is your workflow like, and how has your team been successful with it?
Community. How do you start contributing to open source, and how do you grow a thriving software community? How has learning to code changed? What impact is openness having on public institutions? Which open source projects are having the largest impact on the software community?
Business. What goes into building a modern software team? How can you contribute to, release, and maintain open source projects? What does it mean to use open source principles within your organization?
Ecosystem. What are the tools you use to have a seamless development workflow? How do you deploy, monitor, and scale your code?

Helpful resources

If you'd like to submit but need some help organizing your ideas into a compelling proposal, check out Lucy Bain's excellent blogpost about how to get the creative juices flowing.

Already have an idea but need to streamline it into a great proposal? Take a look at CodeConf LA speaker E. Dunham's post about the 7 essential parts of a complete abstract..

Already have a proposal ready? What are you waiting for? Submit now, don't wait until July 31!

Last week, 300 open source enthusiasts gathered in Los Angeles for CodeConf LA, and more than 500 people tuned in from around the world via live stream. The event opened with a full day of workshops, followed by two packed days of single-track content, featuring more than 20 speakers. The conference brought together open source developers, software engineers, security professionals, and operations engineers to network, learn, and share the technical components as well as the cultural aspects of open source systems.

We will be sharing speaker slides, complete session videos and more in the next few weeks. In the meantime, check out the awesome community conversations that took place on social media (some speaker slides are there too).

Did you attend or volunteer at CodeConf LA? Your unique insights are extremely appreciated to help us continue to build memorable events in the future. Please take a moment to fill out this survey.

Featured Content

A dynamic range of speakers took the stage to share insights, offer tips and showcase projects on open source systems. Here are some of our favorite quotes from the day:

"If you can't be kind, helpful, and welcoming you should step away from the computer and go do something happy until you can.” – Mitchell Hashimoto, Hashicorp / The Hashicorp Formula to Open Source

"If we find ourselves always having the answers, then we're asking really boring questions.” – Kerri Miller, GitHub / Crescent Wrenches, Socket Sets, and Other Tools for Debugging

“Languages succeed not because they are perfectly designed, but because of the tools, people behind them.” – Michael Bernstein, Code Climate / The Perfect Programming Language

“Diversity is inviting people to the party, inclusion is making sure they're comfortable." – Anjuan Simmons, Assemble Systems / Lending Privilege

Workshops

Attendees were invited to join us a day early for three in-depth workshops. Together, we spelunked into Git’s plumbing (Dissecting Git’s Guts, led by Emily Xie from Recurse Center), reflected on the cultural implications of being an open source change-agent (Transitioning to InnerSource, led by Cedric Williams from PayPal), and scraped data from the web using two real-world examples (Web Dev & Data in a Graph Database, led by Nick Doiron from The Asia Foundation).

“To make organizations work like open source projects, we have to address the culture first.” – Cedric Williams, PayPal / Transitioning to Innersource

Diversity & Inclusion

We know that diversity breeds innovation and that bringing people together from disparate backgrounds will not only enrich the conference experience but also the experience of contributing to open source projects. For these reasons and more, we aimed to make the space as welcome and inclusive as possible, including providing gender neutral restrooms, nursing rooms, and a quiet space for Ramadan.

In addition, we allocated nearly 20% of conference tickets for distribution through some amazing local organizations, and provided complimentary tickets to local user groups and students to encourage attendance by a wide range of individuals and experience levels.

After Party

What happens when a few hundred open source enthusiasts descend on a swanky bar for a pub quiz-style trivia night? The gloves come off in a ruthless competition to answer the most esoteric open source themed questions. At CodeConf LA’s After party, prizes were won, a dance party coalesced, and forever friendships were forged.

Covetable Artifacts

This year we had a ton of fun with the event visuals and swag. Attendees marveled at the substantial badges, rocked the conference t-shirt en masse, and left adorable stickers in their wake. The 180-degree animated screens got some love too. Check out these awesome videos made by attendees in our custom stop-motion video booth:

Thank You

Many thanks to our Sponsors and Community Partners for helping to make this event possible, and for their support for the open source community.

GitHub Universe is the event for people making the future of software. Immerse yourself in three days of creativity and curiosity with the largest software community in the world. Join us on September 13-15 at Pier 70 in San Francisco for an event packed with advanced training, deep-dives on open source projects, keynotes from industry experts, and a look into successful software teams.

Early bird tickets

You can purchase early bird tickets for $399 which include access to all conference activities and The Big Bang benefit concert. For $100 more, you can extend your Universe experience with a full day of hands-on workshops from GitHub's training team. Early bird pricing is available through July 31st.

Call for proposals

The GitHub Universe program will feature community leaders, project maintainers, industry experts, and the GitHub team. We're looking for a diverse range of speakers from all parts of the software ecosystem. We'd love you to share your ideas with us and submit a proposal to the CFP.

Interested in supporting GitHub Universe as a sponsor? Take a look at the prospectus and get in touch.

At Universe, you'll feel like you're at a festival and connect like you're at a conference. We'll see you there.

Milestones and labels are a handy way to group and organize your issues, but sometimes it’s helpful to indicate which ones you or your team want to focus on first. You can now reorder issues and pull requests and indicate priority by moving them higher up or lower down the list.

Re-ordering Issues

Once you’ve grouped issues and pull requests within a milestone, drag-and-drop to place them in whatever order you need, or use keyboard commands to select and move items up or down the list.

Learn more about Milestones and issue prioritization in our help guide.

When you enable email notifications, GitHub sends you messages about everyone's issues, pull requests, comments, and commits except your own. For many people that leaves email threads feeling incomplete. For this reason, we have added a configuration setting so that you can receive emails about your own activity, too.

These emails contain the address [email protected] in the CC field so you can filter them in different ways. For instance, you can mark these emails as read automatically and only receive notifications about others' actions—all while keeping the complete conversation in your inbox. You can also star or tag emails, so they'll stand out among all the other updates you might receive.

We've also added a few more configuration settings that let you get notifications on the actions that interest you most. Now you can choose to receive email updates for comments on issues and pull requests, pull request reviews, and pull request pushes, too.

Data gives us insight into how people build software, and the activities of open source communities on GitHub represent one of the richest datasets ever created of people working together at scale.

In 2012, the community led project, GitHub Archive was launched, providing a glimpse into the ways people build software on GitHub. Today, we're delighted to announce that, in collaboration with Google, we are releasing a collection of additional BigQuery tables to expand on the data from that project¹.

This 3TB+ dataset comprises the largest released source of GitHub activity to date. It contains activity data for more than 2.8 million open source GitHub repositories including more than 145 million unique commits, over 2 billion different file paths and the contents of the latest revision for 163 million files, all of which are searchable with regular expressions.

With this new dataset, it's a simple query to find out which are the most commonly used Go packages, which US-schools have the most open source contributors and find all of the things that should never happen.

Just as books capture thoughts and ideas, software encodes human knowledge in a machine-readable form. This dataset is a great start toward the pursuit of documenting the open source community's vast repository of knowledge—but there's more to be done. Over the coming months, you can expect to hear from us on how we hope to make open source data even more available, portable, and useful.

Whether you’re a researcher studying open source communities, an organization looking to monitor the health of your open source projects, or curious about the latest trends in software development, go check out the new dataset hosted on Google Cloud to analyze one of the largest datasets of people collaborating on the planet.

^1. If you’d like to hear more about the data release then check out this episode of The Changelog.

Last year, we wrote up our 2014 Transparency Report, the first report of its kind we've been able to do. It's important to continue to update our community on the kinds of legal requests we receive and respond to, so we're happy to be able to offer our 2015 Transparency Report to follow up.

So What's The Scoop?

The kinds of legal requests we received in 2015 were very similar to the requests we received in 2014. As in 2014, we received subpoenas but no court orders or warrants, and the number of subpoenas we received did not increase significantly. However, the number of gag orders we received nearly doubled in 2015. On a happier note, the number of removal requests we received from foreign governments went down notably: we only received one takedown request from a foreign government in 2015. Other takedown statistics are not as rosy. The number of DMCA takedown notices we received in 2015 nearly doubled, and we processed more than 3.5 times the number of retractions and counter notices we processed in 2014. Many of these notices were either mass removals or notices sent by a few organizations that frequently asked us to take down content. In all, fewer than twenty notice senders asked us to remove more than 90% of the repositories we took down under the DMCA in 2015.

This 2015 report details the types of requests we receive for user accounts, user content, information about our users, and other such information, and how we process those requests. Transparency and trust are essential to GitHub and to the open source community, and giving you access to information about these requests can protect you, protect us, and help you feel safe as you work on GitHub.

Our commitment to our users

We notify our users before sending their information to a third party in response to a legal request, whenever possible. We also provide clear, thorough guidelines to law enforcement that describe how to request information about our users, and what legal process we require to obtain certain user information. We provide these guidelines both for the protection and education of our users and for the benefit of law enforcement.

Types of Requests

This report will discuss the two main categories of legal requests we receive:

Disclosure Requests — requests to disclose user information, which include:
- Subpoenas, Court Orders, and Search Warrants
- National Security Orders
Takedown Requests — requests to remove or block user content, which include:
- Government Takedown Requests
- DMCA Takedown Notices

Disclosure Requests

Subpoenas, Court Orders, and Search Warrants

As you may have noticed in our guidelines to law enforcement, we require a subpoena for certain kinds of user information, like a name, an email address, or an IP address associated with an account, and a court order or warrant for all other kinds of user information, like access logs or the contents of a private repository. A subpoena is a legal process that does not require review by a judge or magistrate. By contrast, a warrant or court order does require judicial review. These requests may be part of a criminal investigation or a civil dispute, and may come from law enforcement, a government agency, or litigants in a civil trial.

Because some legal processes are part of ongoing criminal investigations, we may receive, along with them, a court order that forbids us from giving notice to the targeted account holder. Even when we do not receive that kind of order, there are often significant privacy concerns involved with these disputes. Therefore, we do not publish subpoenas or other legal requests for user information.

Subpoenas, Court Orders, and Search Warrants Received

In 2015, we received twelve subpoenas for user data. This includes every request we received for user data, regardless of whether we disclosed information or not. Not all of these came from law enforcement; some of these may have come from civil litigants wanting information about another party.

We did not disclose user information in response to every request we received. In some cases, this is because the request was not specific enough, and when we asked for clarification, the requesting party withdrew the subpoena. In some cases, we received very broad requests, and we were able to limit the scope of the information we provided.

This is not a significant increase from 2014, when we received ten requests for user information. However, we have seen an increase in the number of orders preventing us from notifying our users about legal requests, nearly doubling from four to seven in 2015.

As in 2014, we did not receive any warrants or court orders.

As noted above, many of the requests we receive pertain to criminal investigations. We may also receive subpoenas from individuals involved in civil litigation or arbitration. We may also receive requests from foreign government agencies through the Department of Justice, via a mutual legal assistance treaty or similar form of cooperation. The following chart shows the sources of the subpoenas we received in 2015 (note that some federal agencies may have issued subpoenas through a grand jury):

National Security Orders

We are not allowed to say much about this last category of legal disclosure requests, including national security letters from law enforcement and orders from the Foreign Intelligence Surveillance Court. If one of these requests comes with a gag order—and they usually do—that not only prevents us from talking about the specifics of the request, but even the existence of the request itself. The courts are currently reviewing the constitutionality of these prior restraints on free speech, and GitHub supports the efforts to increase transparency in this area. Until such time, we are not even allowed to say if we've received zero of these reports—we can only report information about these types of requests in broad ranges:

Takedown requests

Government Takedown Requests

In 2014, for the first time, we started seeing requests from foreign governments to remove content. These requests continued in 2015, but as in 2014, they were very uncommon and limited to one particular country.

When we receive requests like this, we provide transparency in at least two ways: we notify the affected account holder before removing the content, and we post the notice publicly, to our government takedowns repository. In 2015, we only received one takedown request from a foreign government.

In 2015, other than that takedown request, we did not block content at the request of any foreign government. Because of our commitment to transparency, if we agree to block content under similar circumstances in the future, we intend to follow the same protocol—providing notice to affected account holders and posting the requests publicly.

DMCA Takedown Requests

The most significant number of requests we receive for removal of content are notices submitted under the Digital Millennium Copyright Act, or the DMCA. The DMCA provides a process by which a copyright holder can request that GitHub take down content the holder believes is infringing, and the user who posted the content can send a counter notice disputing the claim. Each time we receive a complete DMCA takedown notice, we redact any personal information and post it to a public DMCA repository.

DMCA Takedown Notices Received

In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014. Here are the total number of complete notices that we received and processed in 2015. In the case of takedown notices, this is the number of separate notices where we took down content or asked our users to remove content:

By contrast, in 2014, we received 258 notices, and only received 17 counter notices or retractions. In late 2014, we changed the way we processed DMCA takedown requests for forked repositories, so our comparison of the number of projects affected by takedown notices in 2014 to the number affected in 2015 is not exact. However, even a rough estimation based on the number of notices we received shows a remarkable increase.

By month, the notices we received, and counter notices or retractions received, looks like this:

Incomplete DMCA Takedown Notices Received

From time to time, we do receive incomplete or insufficient notices regarding copyright infringement. Because these notices don’t result in us taking down content, we don't currently keep track of how many incomplete notices we receive, or how often our users are able to work out their issues without sending a takedown notice.

Projects Affected by DMCA Takedown Requests

Often, a single takedown notice can encompass more than one project. We wanted to look at the total number of projects, such as repositories, Gists, and Pages sites, that we had taken down due to DMCA takedown requests in 2015. By month, the projects we took down, and the projects that remained down after we processed retractions and counter notices, looks like this:

That large spike in September had us wanting to look more closely. What happened there?

Mass Removals and Frequent Noticers

Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories. We classified “Mass Removals” as any takedown notice asking us to remove content from more than one hundred repositories, counting each fork separately, in a single takedown notice.

If we look at the same graph as above, of the projects we took down, and the projects that remained down after we processed retractions and counter notices, but exclude all incidents of Mass Removals, the graph looks very different:

The activity over the year normalizes significantly when we don’t consider those anomalous mass removals.

In contrast to the Mass Removals, which are notices that contain many removal requests in one notice, we also noticed that some notice senders spread out their notices: they may send many over time. In some cases, this may be because they maintain projects that are frequently infringed, or in others, it may be because it takes several notices over time to take down all the forks of an infringing repository. For the purposes of our measurements, a “Frequent Noticer” is one notice sender who sends more than four DMCA takedown notices over the course of a year. In one case, a Frequent Noticer also sent us several Mass Removals.

Looking at our takedown notices over the year in this light gives us a lot of information. For example, while 83% of our 505 DMCA takedown notices came in from individuals and organizations sending requests to take down small numbers of repositories, the remaining 17% of notices accounted for the overwhelming majority of the content we actually removed. In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015.

We can’t draw any conclusions about what this means for GitHub or our users. Additionally, because we did not expect to be doing this kind of analysis on our data this year, there may be some inconsistencies in the data we compiled; we hope to be correcting those as we go forward. We do make all the notices we receive publicly available at https://github.com/github/dmca and you can also view the data we compiled to create this report in our DMCA repository.

Conclusion

We want to be as open as possible to help you understand how legal requests may affect your projects. We hope that each year we put out a transparency report, we’ll be able to improve it with more thorough analysis and more insight into our processes, so if there's anything you'd like to see us include in next year's report, please let us know.