Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
❌ Software Removal | github #843
Drop Github, avoid Gitlab, endorse notabug.org
Since PTIO was reorganized it's unclear if github is being endorsed. There is no mention in the productivity category but the participate page links to github. PTIO is leading by poor example in this case. It's embarrassing to the project and not good for credibility. Luckily it no longer appears on the front page.
Before continuing, it's worth mentioning that Github and Gitlab both distribute the free software that implements their service. Unless I say otherwise, this post is about their service, not their software.
Privacy problems with Microsoft Github service
Privacy-compromising consequence of using Github for the PTIO project:
Rationale for staying with Github:
Problems with Gitlab service
Many Github refugees fled to Gitlab when Microsoft acquired Github. It's a bad idea. Gitlab should be avoided.
I haven't made a significant effort to dig up dirt on these suppliers, but I can confirm that NAB has none of the issues of Github. My experience with NAB has been quite positive.
It's not open-source isn't it, so would it really be that much better than GitHub?
As far as I know they only support their own version control system known as Bazaar (or
This isn't a very big issue, but I wish they supported reactions to comments like
(Another problem I have applying to everything else than GitHub seems to be inability to subscribe only new releases/tags, but that is non applicable in the context of Privacytools.io.)
Oh, and I forgot to say that I have already commented to this on #763:
There are lots of problems with the Gitlab service, but Gitlab's free software is probably relatively clean (it's listed in the FSF directory). You'd probably just want to make sure that the CAPTCHA hell that users normally experience with the G/L service can be disabled in the software.
That doesn't seem a good match for PTIO, but would rather make it look doubtful. I'd strongly discourage using that.
I rarely sign up to some service for just a single project, and I guess I'm not the only one working this way. So I'd rather sign up to Codeberg (already done) or NotABug than to a single-service. Saying: Codeberg would probably mean a bigger user base. Especially when the synergy leads to spreading the word and making Codeberg better known. Sure, that could also be said about NotABug.
Disclosure: I'm in personal contact with some of the "founding fathers" of Codeberg – which is also why I know a little about it. They're actively looking for good privacy and open source focused projects with a "good name" – and they have potential. If you wish to ask closer questions on Codeberg, I could ask one of their crew to join in, just let me know.
I had trouble creating a Codeberg account. It accepted the registration form and sent a confirmation link, but the the link gave "Your confirmation code is invalid or has expired." When I try to login, it gives no error but simply returns to the screen in a logged-out state. When I try to register again, it says my username is taken.. gives no way to send another confirmation link.
@libBletchley strange, I don't remember such a thing. Neither can I find a matching issue in their tracker. I don't know if there's a way to send a new confirmation code.
Ah: just asked a crew member for advice. Answer: Link expires after 3h. Log in again, you should see a new confirmation button. Or try the "forgot my password" feature. He just checked to confirm that there is no issue with registrations, and could not reproduce your problem.
i didn't realize it was the forgot password process that also fixes the email confirmation.. but it made no difference. I completed the forgotten password procedure without error, but when i login it still shows "register / sign in" on the top right. I used libBletchley.
That's strange. Have you verified you call the correct (and, most important, complete ) link? Nothing cut off? No part(s) missing? Or have you maybe tapped the link twice (the second time it would fail)? Cookies allowed¹ (they are required a.o. for the session state)? Login still doesn't work? According to Codeberg, your account was successfully created and confirmed.
¹ just tested: what you describe exactly matches what would happen with cookies rejected.
uMatrix was already allowing codeberg.org cookies. I also just enabled the google cookie and it made no difference.
The emailed link is bizarre. I clicked it in the HTML-rendered email. I also did a view-source and pasted both portions.
Pasted the first https://... and also the second, trimming the trailing continuation "=". It's strange they would put a 2nd copy in parenthesis.. but both fail in the same way that the rendered click does.
Of course the two fail: I told you your account is already successfully verified, so just log in!
The quote you show really looks like a "quote": quoted-printable as used by MTAs to transport mail. That quoted from the mail source view? Hint for next time you see this: concatenate the lines after stripping the trailing
A bigger userbase than NotABug perhaps. But not compared to github, fortunately or unfortunately. I think the privacyToolsIO folks will eventually move to their own gitlab (see the https://git.privacytools.io service they recently began providing) rather than outsource to non-self-hosted.
The advantage to github is that 1) it is already up and running and if it ain't badly broke then switching over for the sake of switching over is a mistake, and 2) any kind of switchover will cause loss of community even if the new place is self-hosted because of inertia and old hyperlinks floating around the interwebs and whatnot.
This is a symptom of that wide field-testing thing, methinks. Unless the codeberg website is one of the few which is not tested in stock GoogleChrome, in which case all chromium-based browsers might fail, not just the UngoogledChromium project?
In reply to me 11 days ago above at #843 (comment).
I still await federated accounts allowing me to login to git.privacytools.io with my dev.gajim.org (first GitLab instance that came to my mind, I am not sure I have configured keys there as I have done only commenting to issues) account so my keys get copied without a separate action, because I recently contributed into a project hosting it's own Gitlab (and the merge request wasn't even merged (yet)) and the process seems to be:
I think there is currently too much of annoying treshold (while at GitHub everyone using it for other projects too has already done that) that shouldn't be necessary. I think federated Gitlab login is planned somewhere, but I don't know where (and would appreciate if someone was able to give me a link to subscribe).
Good night (it's 00:41 in Finland).
It's broken in terms of hostility toward PTIO contributors as well as PTIO's mission against mass surveillance.
The whole git paradigm is designed to be portable with freedom from centralization. To trap yourself on one repository host despite excessive issues is to not grok the benefits of git.
It will shrink initially but then it will be allowed to grow to include privacy-aware PTIO contributors who (quite rightly) do not use Github. That's regardless of which privacy-respecting solution is used.
If self-hosting is PTIO's future, then it will grow as a consequence of establishing a community of privacy-respecting projects in one place (as opposed to having them scattered across two privacy-hostile services [github & gitlab.com]).
I noticed a google.com cookie in uMatrix. Even though I gave uMatrix permission to send that cookie, Ungoogled Chromium is wired not to talk to google. So it's likely that the codeberg issue is specific to Ungoogled Chromium and not other implementations.
It is, of course, a concern that Google has a role with Codeberg here. But it's still among the least evil outsourced solutions - penultimate of the lesser of evils IMO.
Sadly no, 2 to 4 still apply, because my GitHub-connected emails aren't imported, neither are the SSH or GPG keys.
There are many other less important features that I think federated/remote login would solve like changing my theme to dark and syntax colouring to solarized dark, I don't remember how many other features Gitlab has.
Other issues I found interesting while trying to look for that issue:
I understand git, no worries on that score ;-) But the key thing about github is not the 'git' portion but rather the 'hub' portion. If at some point it makes sense to switch away from github to self-hosted gitlab-in-a-box run by the privacyToolsIO folks, that will some at an immediate cost in community-size.
As Mikaela is pointing out I believe, if there is federated login that DTRT rather than only kinda-sorta-working, you eliminate a good chunk of the lossage, because only the URL changes: instead of filing issues a github.com/privacyToolsIO using their github credentials, instead people could file issues at git.privacyTools.io/self_referential_repo using their github credentials, which makes for a smooth transition with minimal lossage.
And it also helps if people that already have gitlab.com credentials, can use those to login at the new self-hosted self_referential_repo and so on.
Disagree, this is blowing things out of proportion -- you have filed your boycott-github request in the 'wrong' place -- SoftwareRemoval instead of WebsiteIssue (or more properly WebsiteMetaIssue slash GeneralDiscussionOfAllTheThings). Github is not a "recommended privacy tool" on the site, in a section written for the everday enduser audience, it is just "here is where you can contribute and participate" kind of thing, written for people who want to give back by participating in the FL/OSS process directly. I.e. not everyday folks.
The masses do not typically need to find a way to self-host a git repo. Because that is a very weird thing to need to do. The masses need versioning-wiki-engines perhaps, with CRM attached most like, but not raw git repos -- most of the masses are not programmers and sysadmins, and those that are, can use local git repos or employer-provider version-control systems. With luck their employer has read the hypothetical privacyToolsIO4Biz pages which detail how to run a privacy-respecting corporation including single-sign-on / cloud storage / collaboration apps / etc. But the employer or more usually the employer's sysadmin, are not "the masses" in any sense, though they are individuals and citizens.
The masses do not typically need to find a way to file an issue in any git repo, either, whether it be on github or on gitlab or on codeberg or on notabug or self-hosted. Because that is a bit of a weird thing to do. But also because there are usually half a dozen other venues, sometime over a dozen.
In some ways you are the counterpoint here, because you use github despite being privacy-aware... and really, because you are privacy-aware. But there are other venues: mastodon instance, matrix chatroom, self-hosted by privacy-respecting people. Who are already cross-posting things brought up in those areas, here to github. Mikaela just posted something from the matrixChatroom where somebody had suggested "libre videogames" listings. JonahAragon posted something similar, which was from an email-conversation (which is Not An Official Way to contact the project-maintainers because it does not scale... so dear readership please do not use that mechanism... but it does function as a fallback option of last resort methinks).
The main question is not, how many people will we attract if we selfhost a gitlab-instance that refuse to use github... the main question is, are there benefits to gitlabSelfhosting that are impossible to achieve on github + mastodonSelfhosted + matrixHomeserver + reddit + twitter + maybeFacebook + discourseSelfhosted + keybase + lastResortFallbackToEmail? I think the number of people that refuse to use any of those existing options, but would suddenly start using gitlabSelfhosted, is going to be dwarfed by the number of people that would stop contributing during the repo-switcheroo-shuffle because of hassle and switching costs and increased friction.
p.s. There is a different but related problem, which is that somewhere between six and nine official-or-quasi-official contact methods exist.
bifurcation of the overall privacy-community considered harmful
And they all seem to be "equal priority" ...this bifurcates the overall community into tiny subcommunity-groupings and is a problem because there is no 'one main place' where everybody gathers habitually, plus 'specialized niche places' where particular sorts of work are done.
Going out on a limb here, I think the One Main Place is probably going to be the discourseSelfhosted because it is most conducive to long-running async discussions, complemented by a github-associated wiki (or maybe a selfhosted wiki.js which is arguably cooler) where the results of discussions are summarized and stored. Github issue-tracker is sub-optimal for discussion-threads because every comment emails a repo-watcher.
I think the chatroom area is fine for "quick questions" but unsuited to long involved discussions that happen over the course of many days. I don't see keybase and keybaseChat as viable for any major role, though there is nothing wrong with the people that are code-signing the privacyToolsIO-branded online-services offerings being listed therein. Similarly I don't think email directly to individual privacyToolsIO project-maintainers is a good plan...
that said, I would definitely signup for a daily&weekly BCC'd tips email-newletter and news-digest-blast, rather than get twitter&facebook versions of those things. As long as privacyToolsIO mailing-lists are one-way info-blasts rather than bidirectional-conversations, that will keep the community from bifurcating needlessly (discussions of blasts will happen in discourseSelfHosted or in chatroom or whatnot -- each blast can link to an open forum-area even). And because they are just simple bcc-based blasts they can be end2end encrypted via tutanota and protonmail and any other encrypted-webmail-provider that privacyToolsIO wishes to mention in the listings.
I think that twitter + reddit + facebook should be places where education-blasts are sent out and new participants are recruited, but should generally be privacy-propaganda-mouthpieces rather than "community" areas. We don't want people on twitter talking about privacy, we just want to alert them via twitter and then help them transition to mastodon, ditto for alerting fbook denizens about friendica/diaspora, ditto for alerting reddit-participants to the new discourseSelfhosted. And once they are signed up for encrypted webmail blasts, and transitioned to more privacy-respecting alternatives, they won't need to keep their twit/fbook/reddit thing around unless they want it for some strange reason :-)
It's short-sighted to only consider the short-term cost and neglect the long-term benefit of being able to attract contributors who value privacy and have a strong enough constitution to avoid MS Github.
Bullshit. The direct attack on a PTIO contributor (@unnaturalnamed) was an attack on the PTIO mission. There are numerous privacy abuses outlined in the OP, all exposed in support of the mission, which you continually work against. Most of your posts favor mass surveillance. This is the mission statement:
"You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance."
It is your comment that is in the wrong place.
It's also bizarre that you're essentially willing to push MS Github, a slap in the face of unnaturalnamed who was ejected, whilst at the same time claiming to embrace the number of existing contributors. We must also account for the fact that the same hostility will have other PTIO contributors tossed out if they mention privacy abuses on other projects and point to the work being done in the PTIO repo.
The "we are excluded from our own mission" line of reasoning
This was already addressed in #868. Leading by poor example is no way to educate users. It's a recipe for disaster because it (rightly) also harms credibility. If the experts cannot demonstrate making privacy-respecting choices it signals to others they will struggle even more with the same thing. You seem to have no idea how easily laypeople are put off by security matters. It's fragile, and you propose showing them that the experts can't handle it either. It's a demoralizing approach.
It doesn't matter. It's displayed on the website in a big box on the front page. Every tool users see PTIO using or pimping is an implied endorsement of that tool whether you want it to be or not. PTIO is not even saying "do as we say not as we do - and don't use Github"; it's left for users to assume MS Github is socially responsible and privacy-respecting. And it shows advanced users that PTIO staff is not committed to their own mission.
You've just supported paragraph 3 under "Privacy-compromising consequence of using Github for the PTIO project".
Of course it is. You're asking the wrong questions.
No it's not. That's what you concern yourself with if you're actually looking for excuses to use tools that undermine the cause. It's an attempt at trading integrity for misguided guesswork that users visiting the webpage and learning there that PTIO has a Facebook account will then reach other users, as opposed to finding PTIO within the FB walled-garden of mass surveillance.
It's also a betrayal when coupled with the statement "privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance."
It's the wrong question first of all, because only the "would suddenly start using gitlabSelfhosted" portion is relevant. And stressing "sudden" indicates the short-sightedness of demanding short-term results. It's blowing an initial decrease out of proportion when the overall direction is commitment to the cause in a way that avoids hypocrisy.
As usual, I think you misunderstand me: you listed an issue called "software removal: github". The category of software-removal issues is intended for tools that are listed, which should no longer be listed. You have filed such issues, as I recall ;-)
Github is not software the privacyToolsIO recommends to the readership, it is just, some software that is optionally utilized by privacyToolsIO contributors: thus, the correct title for this issue about "boycott github" does not belong in software-removal, that is the wrong place. There is no category which matches what you are wanting, but if their was it would be called "contributor-optional-software removal: github" or something like that. This is all I meant with the your-comment-is-in-the-wrong-place thing. Try not to be so prickly please.
implied endorsement of a service owned by a firm that has political stances I dislike... that is no way to run a railroad, or a repo for that matter
You are pretty certain that @unnaturalname (no d at the end there) was not just marked as a spammer by the github algorithms, because they posted a bunch of identical issues in a row? Because in the OP you say "Censorship and PTIO project interference: Github staff apparently deleted a PTIO contributor." But then later you change the story, and say "The direct attack on a PTIO contributor (@unnaturalname
Where were they attacked? Were they even censored? Are you sure they were not just spamming a bunch of repos all across github, half a dozen on the 22nd and another half a dozen on the 26th, and got their github username auto-blocked? Do you have an archive of the stuff they posted, prior to the alleged censorship? And how do you leap from "github removed a username" to the "github is directly attacking the mission"? Are you positive you want to make such leaps? https://help.github.com/en/articles/github-terms-of-service#k-advertising-on-github subsection 3, second sentence.
We have a fundamental disagreement about what the mission of the privacyToolsIO website is, and of where the backend-tools used by contributors fit into that mission: you think the main website is for everyday readership, and fantasize they will all install jami, if only you can delete all the competitors&alternatives to jami from the listings. I have a more jaundiced view of humanity: I know for an absolute fact that the everyday enduser cannot run linux-on-the-desktop, cannot flash their own lineageOS, and cannot handle ethereum-usernames and ringCx-hashnums for their messenger-app. It is too much trouble, too much hassle, requires some tech-wizardry.
By stark contrast, I also know for an absolute fact that everyday endusers CAN install and use firefox, signalapp, etc. To you those projects are evil incarnate, and you don't understand why everybody just does not hand-compile ungoogledChromium and memorize their RingCx hashnum and use debian-for-the-desktop and stop owning a phone. The reason is simple: it is too hard, too much trouble/hassle/etc.
Our disagreement with respect to github is different, but has the same root cause: you could care less about how much hassle and trouble and disruption and loss of participation getting rid of github and switching over to an entirely new issue-tracker and versioning-repo will cause. To you, any amount of hassle is justified, because you fantasize that there are millions of contributors that refuse to utilize github on political grounds, and if only privacyToolsIO was not using evil github, those contributors would start to contribute.
But this is nonsense: contributions are officially accepted via federated mastodon, federated riotIM, reddit, twitter, self-hosted discourse, and github. I've seen project-owners open issues on behalf of commentary in other places, too, this is not handwaving. Contributors that refuse to use any of those options, are so few in number, they will never make up for the loss of github-contributors, and thus, leaving github is a bad decision on practical grounds.
You don't care about practical grounds, to you it is all about political guilt-by-association. Microsoft drug-tests their employees, and the war on drugs is a bad political stance, and microsoft also owns github, and privacyToolsIO has some files hosted on github, and that means privacyToolsIO is practically endorsing the DEA no-knock dawn-raids... or something like that.
This is not about privacy-respecting tools, this is purely about boycott-the-firms-that-I-dislike. If you want to boycott them, do so, If you see anybody who refuses to follow your lead and join your boycott, as your enemy, then that is your error, your loss.
You are talking about boycott of a supplier-of-supplier as being "implied endorsement" and conflating that with "the cause" aka the mission of the site. The mission of the site is educating people about privacy, and recommending privacy-respecting tools.
No, it is looking at the practical impact of your boycott suggestion... and the ramifications thereof, such as, what happens when SomeNewPoliticallyOrientedRepoService arises that you like even better than notabug? In this very thread, you have gone from rejecting github-and-gitlab while trumpeting notabug, to liking codeberg ... liking it so much, that you would want to switch over to it, should the notabug people have any political transgressions, during 2020.
Which means yet another big switchover, yet another loss of contributor-community size, and that won't be the end of it either, because a really really really good service will come out in 2021, and so on. Tool churn is bad enough in enduser-recommentations, but tool-churn on the backend where the site is built, has realworld pragmatic downsides.
Uh huh. You are confusing political integrity, of your own view of how privacyToolsIO functions on the backend (where the repo is hosted in this case), with the integrity of the listings in the eyes of everyday readership.
And you are confusing yourself personally, with "The Mission". When you read the mission, it is very clear that you interpret it as 'tools to protect your privacy' being aimed at you personally. But I don't think you are the only audience of the website. You are a person who runs linux on the desktop, noscript-or-equivalent in your browser, spends a lot of time avoiding phones and phone-number-related tracking (up to and including travel to purchase a simcard not associated with your identity), and cares enough about privacy to spend a lot of hours online fighting mass surveillance.
But I don't think the audience of www.privacyTools.io is just us wizard-level-three type folks. You claim to also believe that: you want the tool-recommendations to be suitable for use by the masses. So we agree, at least, in theory. But github is not a tool-recommendation to the masses. It isn't being recommended to them.
There is little to say here. As often happens with your attempts to attack a tool, that for whatever reason you personally dislike, and in whatever way you think will best discredit the tool and/or best discredit people that disagree with you -- as usual, you don't know what you are talking about.
Right... "advanced users" meaning you and all the people that are just like you (people that demand everybody boycott github and treat anybody who does not as just-as-evil-as-billg). People that don't understand logical fallacies, in other words. People for whom the ends justify the means, any means, in other words.
No, it shows you cannot comprehend the mission, because you don't see any distinction between yourself and people of your mindset, and the intended audience of the website. Which is everyday readership that needs to be more educated about privacy: people that are using Windows10, people that are using Chrome, people that are using Gmail, people that are on Facebook, people that are using WeChat or Whatsapp or unencrypted SMS.
Boycott-github because guilt-by-association, is so far from being relevant to that slice of the readership -- aka the majority of humanity -- it is almost unfathomable that you are really confused here. You run Debian, UngoogledChromium, NeoMutt, Fediverse, and Jami or Wireapp. Even though wireapp is on AWS ... you made a pragmatic decision that you wanted to be able to talk to your mother. You are here, on github, and you made a pragmatic decision -- even though it runs on AWS and even though Microsoft owns it and drug-tests their employees -- to be here on github, fighting mass surveillance. I think those are good decisions that you made, without exception. All of them are fine choices.
The only downside here is that you want everybody to follow your lead. You want to boycott github, even though you didn't want to boycott github back when you signed up. Because circumstances have changed, and you believe notabug is "just as good" despite the "minor downsides". You believe that there will be a vast influx of notabug contributors, VAST influx, completely overcoming the loss of contributor-community when github is boycott'd.
Here is my advice: if you can get your mom and ten of her over-age-fifty friends, to all hand-compile their own ungoogledChromium, to install (without your doing it for them) their own Linux-for-the-desktop distro onto all their x86-based systems, stop using anything but neoMutt for their email needs, delete their facebook/twitter/amazonDotCom/Microsoft/gmail accounts and entirely switch over to the fediverse, and stop using PSTN/fbookMsgr/skype/wechat/whatsapp/wireapp/signalapp and completely go cold-turkey Jami or Tox or nothing, then I will believe you that the everyday endusers are ready to boycott github. Heck, I will immediately boycott github, if you can manage that.
Unless your mom works at CERN as a nuclear physicist or something, I'm assuming here that your mom is an everyday person ;-) But you won't be able to do it. For yourself: yes, sure, I believe you can do it. But not for a dozen everyday people born when the Berlin Wall was still standing; no chance. I've spent a lot of years trying to get people to not give their friends and relatives into the maw of facebook, stop running windows when all they really need is LibreOffice, stop using gmail when protonmail or tutanota is good enough, and pick smartphone handsets that allow them to install software they can get a modicum of trust whilst using. I have failed, that entire time, by and large. Not for myself, but I'm willing to go the extra mile... most people are not willing.
The tide is shifting though: there is starting to be a backlash. Everyday people are starting to think... hey maybe I don't have anything MUCH to hide, but does that mean I want everything I do and everyone I ever contact, to be spied upon by shady overlords? PrivacyToolsIO is here to help them upgrade their tools and to educate them about the broad issues. It is not here to insist they hand-compile UngoogledChromium or they are evil, it is not here to say "if you run windows you are implicitly endorsing github so you are an enemy of privacy and a friend of mass surveillance." That is [insert appropriate term].
Github is just one of half-a-dozen options, for the hardcore folks like ourselves that really care about privacy, to contribute on the backend. If you really cannot ethically stand contributing on github, which is hosted on AWS, and which is owned by a corporation which drug-tests their employees, then you have a bunch of other options: mastodon, discourse selfhosted at forum.privacytools.io ... et cetera. You can stay here, and that is making a pragmatic choice: you want to be involved directly on github-threads, rather than only being able to indirectly comment via riotim.privacytools.io chatrooms, and you want your words to be visible in google and bing and other non-privacy-respecting search engines. Well, okay then, do that then.
But pretending that it is only 'guesswork' to predict that switching around the repo and the issue-list from provider to provider to provider, will have a detrimental effect (vastly dwarfing any hypothetical salutory effect)... not to mention the opportunity cost where the project-maintainers have to spend a bunch of time and effort on the move to yet another new backend system rather than on improving the listing... no, that is not going to fly.
The entire premise of this thread is that we somehow recommend and endorse all of GitHub's actions. GitHub is a tool we use for development, just as Reddit and Twitter are tools used for outreach. Nothing more.
Is it just me or is this issue unfindable with search? I again looked for this a long time to point to #843 (comment) (my list of GitLab issues) and I had to come here through another issue even if I wrote search term
Can confirm this is "invisible" somehow.
Github's internal search-engine is awful though.
That could be the root cause why github-search is refusing to show 843 in the list... is there a way for the repo-project-team, to be able to change from ghost-owner to Mikaela-owner, and then put a note at the top "this issue 843 was originally filed by another github-username who is no longer registered on github with that identity" or something?
I am able to see 843 with the following URL == https://github.com/privacytoolsIO/privacytools.io/issues?q=sort%3Aupdated-desc So it is still "in github" and visible to the githubSearch. () And after a bit of searching, I am not able to find "okay one of the participants in my repo deleted their account and suddenly I cannot search for issues they filed" ... the keywords are 'too meta' so I either get millions of hits or zero. Probably best bet is to email a human at github support, with screenshots that carefully illustrate the way githubSearch behaves now, versus the way duckduckgo site-search of github behaves now, and point out that with the issue-list-query I gave above 843 does still appear in SOME kinds of search-results. They will either offer a workaround, or fix the underlying bug with any luck. Frustrating software