We’re in the process of updating our policies, and we’d like to get your input! We want to hear what you think of them and whether any of our changes or clarifications can be improved. Head on over to our Site Policy repository to see the open pull requests.

What’s changed

About every six months, we review our terms and policies to make sure they’re as clear as they can be and decide whether we should make any updates. This time around, we’re very focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we’ve made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We’ve made other changes to our terms to clarify account control and developer obligations when integrations are created for others.

Updates to our Privacy Statement

Over the last few months, we’ve gotten a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.

For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn’t ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we’ll do with it.

GDPR Compliance

• The GDPR requires us to inform our users about the legal basis on which we process their data. In this update, we explain what data we collect and why
• We describe our security practices in more detail
• We now provide a separate page describing our tracking, our use of cookies, and listing our subprocessors (the vendors and third parties we have engaged to process personal data on our behalf)
• Throughout the Privacy Statement, we provide greater transparency and insight into our data collection, data handling, data retention, and data deletion processes
• If you are a Corporate Terms of Service customer and you need a Data Protection Agreement with us, please contact support. We will be happy to provide one. Please understand that with the GDPR compliance deadline coming up, our volume of requests is high, but we will respond to you as promptly as possible

Updates to our Terms of Service and other policies

Standard Terms of Service and Corporate Terms of Service

Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we’d like to highlight:

• Third Party Applications: We combined the Marketplace section with general requirements for those creating integrations for other users to provide better protections for GitHub users and their data. The Marketplace section is now called “Third Party Applications,” since it now applies to more than just GitHub’s Marketplace. We’ve also added a “Third Party Applications” section to the Privacy Statement to discuss our users’ privacy expectations in regards to those applications
• Access to Private Repositories: In Section E, we clarified the purposes for which we may be required to access private repository contents, in line with the security obligations of our GDPR compliance program
• More definitions: We included definitions of “User Accounts” and “Organizations” and described who has control of those types of accounts

Other policies

• Community Forum Code of Conduct: Last year we launched the Community Forum. The Community Forum is a growing part of our platform and we thought it’d be great to include the Code of Conduct in our Site Policy repository, since we hadn’t yet included it
• Marketplace Developer Agreement: We’ve made some updates to this agreement that reflect some of the changes to the Marketplace over the past year
• Takedown policies: We’ve updated our takedown policies to add clarification around what’s covered by our DMCA policy
• Statement Against Modern Slavery and Child Labor: We’ve added our 2018 statement describing the steps we’ve taken to prevent modern slavery and child labor from occurring in our business and supply chain

Taking action

We’ll leave the pull requests open until 5 pm Friday, May 18. Then, we’ll take a week to go through your comments and make changes to improve the policies. We’ll enact the new policies on Friday, May 25.

We look forward to hearing from you!

GitHub is more than a home for code. It’s a forum for collaboration, a sandbox for testing, a launchpad for deployment, and often, a platform for learning new skills. After training thousands of people to use Git and GitHub, the GitHub Training Team has established a tried-and-true method for helping new developers retain more information and ramp up quickly as they begin their software journeys. And now, we’re making those experiences accessible to developers everywhere with GitHub Learning Lab.

Instead of a traditional tutorial or webcast, GitHub Learning Lab is an app that gives you a learning experience you can actively participate in, without leaving GitHub. Our friendly bot will take you through a series of practical, fun labs that will give you the skills you need in no time—and share helpful feedback along the way.

Start learning

How it works

With GitHub Learning Lab, you’ll learn through issues opened by a bot in a GitHub repository. After you finish tasks, the bot will comment on your work and even review your pull requests like a project collaborator would.

If you have questions that come up while you complete a course, you can get answers in the GitHub Learning Lab Community Forum. This is a new way to get support from a community of learners and expert trainers (including members of the GitHub Training Team) as your journey progresses.

Check out the GitHub Learning Lab Community Forum

What’s covered

You’ll find five courses covering our most popular topics at launch:

Introduction to GitHub: Get an introduction to the most common, collaborative workflow for developers around the world.

Communicating using Markdown: Learn how to communicate on GitHub and beyond with Markdown’s simple syntax.

GitHub Pages: Host a website or blog directly from your GitHub repository.

Moving your project to GitHub: Get tips for migrating your code and contributors to GitHub.

Managing merge conflicts: Learn why merge conflicts happen and how to fix them.

Coming soon to GitHub Learning Lab:

Contributing to open source: Make your first open source contribution in a friendly mapping project.

What’s next

This is just the beginning. We’ll be expanding how this app helps new developers, inviting new course authors, and adding more topics as we go. Let us know what you think in the Community Forum.

Learn more about GitHub Learning Lab

The GitHub for Visual Studio Extension team has been running a beta of pull request reviews from within Visual Studio for nearly a month, and we’re very excited to announce the feature has shipped this week!

Viewing, checking out, and reviewing pull requests are part of our every day workflow as GitHub users. And if you develop with Visual Studio, you no longer have to leave your editor to work in pull requests with your team.

What to expect

The most recent release of our extension supports you through these common pull request workflows:

Pull request navigation

• Quickly view all of the pull requests on the repository you’ve cloned from Team Explorer
• View the details of a specific pull request and checkout the pull request branch
• See which pull request is checked out right from the status bar. If you don’t have one checked out, this button will link you back to the list of pull requests

Review code

• Start a review from the GitHub pane within Visual Studio
• Open the diff view of files edited within the pull request by clicking on any of the changed files
• Leave an inline comment, and start a review from that comment
• Submit a review that comments, approves, or request changes to the pull request

Address feedback in Visual Studio

• Click on a comment in the GitHub pane within Visual Studio to open it in a diff
• View all of the reviewers for a given pull request
• View all of the reviews that a specific reviewer has left on a pull request

What else is in this release

This release also includes:

• An enhancement to make navigation from diff to editor view more discoverable
• A bug fix for GitHub Enterprise users that was causing avatars to be repeatedly downloaded
• A fix for an initilization bug that caused MEF initialization to slow down Visual Studio extensively
• A navigation improvement that gives users one-click access to the pull request they’re working on or the list of pull requests if they are not currently on one—even if the GitHub panel is not open
• An update using GraphQL instead of REST

How you can help

As we continue to build on the GitHub for Visual Studio Extension, we want to know how we can best support the workflows of our users and contributors. Even if you don’t write code in Visual Studio, we’re wondering:

1. How do you and your teammates communicate in pull requests?
2. When in an editor, how do you use GitHub.com to: (a) Look at the list of pull requests? (b) Open a new pull request? (c) Look at the details of the pull request you are working on?
3. When reviewing a pull request, what is important to you? For example, does it matter to you who authors a pull request?

Let us know on Twitter at @GitHubVS or head over to our tracking issue on pull request workflows to share your thoughts and help us improve our features!

Connect with us

If you haven’t already, be sure to follow us on Twitter at @GitHubVS to see what we’re up to or check out our repository and start contributing!

Whether you want to make repository conversations more productive or keep your code safe from accidental pull requests, our new maintainer tools are for you. Minimized comments, retired namespaces for popular projects, and new pull request requirements are just a few of the ways we’re making it easier for maintainers to grow healthy open source communities on GitHub. Here’s some more information about how they work:

Minimized comments

Developers use comments in issues and pull requests to have conversations about the software they’re building on GitHub, but not all of the comments are equally constructive. Sometimes contributors share comments that are off-topic, misleading, or offensive.

While maintainers can edit or delete disruptive comments, they may not feel comfortable doing this, and it doesn’t allow the comment author to learn from their mistake. As part of our tiered moderation tools available to project owners, maintainers can now click in the top-right corner to minimize and hide comments—in addition to editing, deleting, or reporting them.

Minimized comments will be hidden by default with a reason for why it was minimized, giving more space to the comments that advance the conversation. Developers who view the project can choose to temporarily expand minimized comments by clicking “Show comment”.

Learn more about minimized comments

Popular repository namespace retirement

Many package managers allow developers to identify packages by the maintainer’s login and the project name, for example: Microsoft/TypeScript or swagger-api/swagger-codegen. This is an efficient way to describe a dependency, but sometimes maintainers delete or rename their accounts, allowing developers to intentionally or unknowingly create projects with the same name.

To prevent developers from pulling down potentially unsafe packages, we now retire the namespace of any open source project that had more than 100 clones in the week leading up to the owner’s account being renamed or deleted. Developers will still be able to sign up using the login of renamed or deleted accounts, but they will not be able to create repositories with the names of retired namespaces.

Accidental and “drive-through” pull request prevention

Popular open source projects receive lots of pull requests. While most of them are constructive, occasionally project owners receive a pull request from a collaborator who suggests changes from a stale branch or another collaborator’s fork.

Since the author can’t always respond to feedback on the proposed changes, these pull requests create noise for maintainers and do little to push the project forward.

To minimize noise, we no longer allow pull requests from contributors unaffiliated with the project or the changes proposed. Specifically, pull requests will be restricted if:

• There’s no explanation of changes in the body of the pull request, and
• The author is not a bot account, and
• The author is not the owner or a member of the owning organization, and
• The author doesn’t have push access to the head and the source branches

This should not affect automated workflows, private repositories, or repositories on GitHub Enterprise.

Learn more

If you have questions about how these tools make it easier for your to grow welcoming communities around your project, check out this guide on building open source communities or get in touch with us.

March flew by, but you shipped some not-to-be-missed releases last month. Here’s a list of the ones that hit our radar—many of them 1.0s!

Fastify 1.0

Congratulations to Fastify, which has reached a milestone 1.0 release. If you couldn’t guess from the name, Fastify is a Node.js web framework with an emphasis on speed. In addition to speed, Fastify has a flexible plugin system and 60 officially-recognized plugins. Version 1.0 solidifies the API and begins a period of long term support, with a commitment to security fixes. Be sure to read the Fastify 1.0 release announcement for more details.

impress.js 1.0

Impress.js is also celebrating a 1.0 release. Have you ever wished you could make a presentation in your text editor instead of fighting with Keynote or PowerPoint? Your wishes can come true with impress.js, a presentation framework that uses HTML and CSS transformations. The 1.0 release marks the introduction of a plugin architecture, Markdown support, and a new lead maintainer. Check out the release announcement and get a taste with these examples.

Did you know? Impress.js has been used to create countless presentations, like this Python workshop from the University of Tehran (source repository) that uses substeps, syntax highlighting, and 3-D space.

OpenPGP.js 3.0

OpenPGP.js is an OpenPGP implementation written entirely in JavaScript. The project wants to make it possible “to sign, encrypt, decrypt, and verify any kind of text” without relying on native code. The version 3.0 release includes performance improvements, public-key cryptography using elliptic curves, and some improvements to the library’s internal development (like refactoring to ES6 variable declaration syntax). See the release announcement for more.

Did you know? OpenPGP is an internet standard for encrypted email.

DBeaver 5.0

It feels like a bit of an understatement to say that DBeaver is a cross-platform SQL client. They call it the “universal SQL client” and for good reason: it supports MySQL, PostgreSQL, Oracle, SQLite, Microsoft Access, and many others. DBeaver’s 5.0 release introduces a (beta) PostgreSQL debugger, niceties like automatic reconnecting, and a load of bug fixes. Check out the release notes for more details.

Legit 1.0

Legit is another project being welcomed into the version 1.0 club. Legit is described as “Git for Humans.” Inspired by GitHub Desktop, Legit adds shortcuts to the Git command line interface. It simplifies synchronizing with remote repositories, publishing new branches, or undoing commits. Legit 1.0 improves help messages, adds new –fake and –verbose options so you can see what’s happening under the hood, and cleans up some installation and configuration commands. Even Git experts will want to check out these convenient additions.

Did you know? Kenneth Reitz, the creator of Legit, used to be a guest blogger for us back in the day with the GitHub Reflog.

Plyr 3.0

Plyer is an HTML5 video player that can also embed Vimeo and YouTube videos. The release notes call version 3.0 a “massive release” that rewrites most of the video player in ES6. Apart from the substantial rewrite, it adds new features like support for Safari’s picture-in-picture mode, YouTube quality controls, and more.

Did you know? Plyr showcases how open source is being used by companies around the world, from sports magazines to automakers.

Pell 1.0

Pell makes a bold and convincing claim to be “the simplest and smallest WYSIWYG text editor for web.” At just 3.5 kilobytes minified, it certainly is small and covers all the basic formatting you’d expect from an editor: bold, italic, headings, lists, quotes, and more. Version 1.0 trims some extraneous styles and fixes bugs. Check out the release notes for more information.

Mjml 4.0

MJML is a high-level framework that helps you design responsive emails. Version 4.0 introduces some control over how the Outlook web app renders your messages, customization for the default breakpoints, column gutters, bug fixes, and more. Read the release notes for more info.

Did you know: The MJML community has created a bunch of tools to work with MJML, including an Atom package.

Workbox 3.0

Workbox is a collection of JavaScript libraries for developing Progressive Web Apps that go offline gracefully with service workers. The version 3.0 release of Workbox shrinks the size of the library, kicks off official CDN support, and improves debugging and logging. Take a look at the full release notes though, because there’s a lot more.

Rough 2.0

rc.rectangle(15, 15, 80, 80, { roughness: 0.5, fill: 'red' });
rc.rectangle(120, 15, 80, 80, { roughness: 2.8, fill: 'blue' });
rc.rectangle(220, 15, 80, 80, { bowing: 6, stroke: 'green', strokeWidth: 3 });
rc.rectangle(320, 15, 80, 80, { fill: 'red', stroke: 'blue', hachureAngle: 60, hachureGap: 10, fillWeight: 5, strokeWidth: 5 });
rc.circle(460, 55, 80, { stroke: 'red', strokeWidth: 4, fill: 'rgba(0,255,0,1)', fillWeight: 4, hachureGap: 6 });
rc.circle(510, 55, 80, { stroke: 'blue', strokeWidth: 4, fill: 'rgba(255,255,0,1)', fillWeight: 4, hachureGap: 6 });

Rough.js is a library that helps you use the Canvas API to make shapes that look hand-drawn. It can be used to draw lines, simple geometric shapes, or complex SVG paths. Version 2.0 fixes bugs, improves documentation and examples, and adds support for asynchronous drawing, so complicated shapes don’t block the main thread. Check out the project on GitHub.

Did you know? There’s a Snake clone made with Rough.js for those times you’re feeling nostalgic for your old Nokia feature phone. Play it here or view the source.

That’s just a handful of releases you shipped last month—keep them coming! If you’ve got a release that should be on our radar, send us a note.