There is no current reason to believe that Copilot or ChatGPT are trained on private repositories; however, this agreement does permit them to do so.
The concern is: why not? You have an enormous corpus of professional-grade software just sitting there, one bit flip away from access, and you are even permitted (to the letter of the law) to flip that bit. Why wouldn't you, eventually?
> however this agreement does permit them to do so.

How so? Assuming you read the whole agreement and didn't just take a single line out of context?
"If you enable data use for a private repository, we will continue to treat your private data, source code, or trade secrets as confidential and private consistent with our Terms of Service."
> GitHub considers the contents of private repositories to be confidential to you. GitHub will protect the contents of private repositories from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.
When talking about confidentiality, GitHub is careful to specify *unauthorized* use, access, or disclosure; the implication is that GitHub has the authority to authorize itself.
The next section talks about how they will grant access to third parties, but it's clear that as a first party they exclude themselves from the label of "unauthorized".
I agree; however, taking random pieces of a long agreement in isolation is not how you read terms of service. The section you highlight is NOT, for example, the one that talks about what legal rights you give GitHub regarding your code. Construing it as such and then extrapolating from it is taking a piece of text way out of context.
The section cited is the most prominent section in the terms of service regarding private repositories.[0]
Everything else in that section relates to personnel (which is not the concern of the commenters here), what happens if you upload copyrighted material, and codes of conduct.
Also, citing segments of the ToS is exactly what will happen in a court of law; unless there is another section that invalidates this one, this fragment will be argued as consent.
Additionally, the context of that section is otherwise very clear. Sorry.
The way the ToS will be argued is: there are many references to processing information, and nothing that explicitly prohibits, or can be reasonably inferred to prohibit, automatic processing. In fact, there are many places where they make reference to "automatic processing for services". You can take that to mean it's just their SAST scanners; they can take it to mean training an AI model. There's no legal distinction here.
You mean like the earlier section that explicitly says "License Grant to Us" which the court would somehow amazingly ignore reading according to you? Because clearly the exact legal rights you give Github to use your work is not relevant to a discussion on how Github is legally allowed to use your work.
I can tell you're a bit defensive about this, so let me be as clear as possible: talk to a lawyer.
I am not a lawyer myself, though I consult with Swiss/German lawyers quite often regarding licensing because it is a large part of my role.
The fragment I mentioned is the beginning of section "E". This document uses letters as the top-level section separator, so a different letter from the prior section is taken as an intentional separation for the purposes of a legal document. What you are referring to is from section "D"; i.e., they are in entirely different contexts from each other.
Even then, per the text of this ToS, you do not need a license to automatically process source code.
There are more than a few points where they talk about what they have the right to read, and there is only one point (which is legally required to be there, fwiw) which states they can't release your source code as if it were theirs.
If you read the Copilot terms of service, they do not grant you a license to the suggestions.
A very pessimistic take is that they are quite well protected legally if they use source code derived from these repositories, even setting aside the muddy discussion about training data and derivation.
It's a little different: Microsoft doesn't care about consumers, as they stopped being relevant to Microsoft's financials in the Ballmer era. To put into perspective how little they care, even consumer Office spending brings in less than LinkedIn does.
However, enterprise/commercial customers? The same group you're trying to sandwich between a 365 subscription and Azure/GitHub? These are the people who, when they do have evidence that they are being negatively affected, will cause a massive dent in Microsoft's bottom line.