Re: So... trying to replace GitHub?
JFrog doesn’t mean to replace GitHub or claim to be the IP source for the modules. The goal of GoCenter is trifold:
1. Speed up the resolution of modules. Currently, modules are packed on the client (for the most part). The source code is cloned every time the module is requested, packed into an archive and stored on a single computer cache. It could be more efficient: GoCenter caches the archived modules, providing a simple and efficient one file HTTP GET download.
2. Provide immutable cache. Go modules rely on GitHub tags for versioning. While in general case once a tag is created its content won’t change, there are no guarantees for that. Git allows force-push new code under an existing tag, practically allowing retrieval of different code for the same module request over time. This an anti-pattern in dependency management. GoCenter fixes that by locking the content under a version of a module. You will always retrieve the same module that was first cached, regardless of what happens with the tag in GitHub.
3. Provide persistency. People delete content from GitHub. That might lead to non-reproducible build. You used ad dependency once, but now, when you run the same go build from a different machine it fails because Go won’t be able to download the sources of the dependency as it was deleted. GoCenter fixes that by caching the modules forever.
You can find more on the relationship between the module sources in GitHub and GoCenter and on the benefits we provide in our FAQ: https://jfrog.com/gocenter/