this post was submitted on 16 May 2024
161 points (86.4% liked)
Open Source
31218 readers
268 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Maybe an unpopular opinion but why would you care about how privacy invasive GitHub is? Your code is open-source anyways so MSFT can steal it wherever you host it. And if they haven't changed it you're able to sign up with just an email and a pseudonym. It's not a social network where you have to post private information for it to be useful you can and most people do use it pretty anonymously.
So I never understand the outrage about GitHub and MSFT. Git is distributed anyway, the only thing that can be lost are issues and pull request histories. If they fuck up, everyone can just move. Now GitHub Actions, that is a clever thing for binding users...
they can take your whole project down if they want so. or if they are forced to do so.
git is literally distributed. Its trivial to push it to a new origin if that happens
so why not do it from the beginning?
Because the downsides completely outweigh the upsides by a massive amount. Risk of GitHub removing any of my projects is practically 0, while the upsides of hosting elsewhere is also almost 0.
but does it really matter where your personal project with maybe 10 stars resides? if not why not choose something like codeberg?
Yes because every company I work at uses GitHub, I use GitHub actions at work, and the majority of programmers on the planet use GitHub. So I’d not only need to maintain another account, use a different build system, and spread my project in some other manner, but I’d be losing the majority of my contributors (my most starred project has 100 stars, second most is 50). If that’s on a platform with the _most _ contributors then I literally wouldn’t have any on a different platform. I have 40+ FOSS projects (source, not forks) and I’m not going to maintain all of those somewhere where they won’t get viewers.
Because its a very low risk, both in terms of likelihood and impact
I can understand the argument against GitHub in two contexts, one is when people build features into their software that assume GitHub, e.g. when a programming language assumes it can just prepend github.com/ to your repo to find it and the other is the argument that losing GitHub would be a huge blow because so many projects are there and only there so a lot of things would have to be done at once if that ever happened.
@mormund It's not about the privacy of the code, but the privacy of the users clicking on github and then reading some news. They aggregate behavioral data about you.
> the only thing that can be lost are issues and pull request histories
"Only"?? That's a HUGE problem. That's exactly one of the walls keeping people inside github. Git protocol could distribute that, but it doesn't suit the commercial platform's interests -> go to open platforms instead.
Can you name an open platform that actually does distribute PRs and issues? I know there were a few that tried but I mean one that actually succeeded and is usable by people who just want to report a bug?
Also, your issues and pull requests are much more likely to be lost in your self-hosted one project instance than on GitHub if anything happens to you.
The pull request model is broken so why care about its replication? Send patches to a mailing list, ask for Gerrit, hopefully ForgeFed can be a thing sooner than later.
Talking about PRs being broken and then bringing up email, just about the most broken technology still in wide-spread use, is sort of ironic.
It’s as broken as you make it—but if the Google started top posting for everyhing & everything is done thru the web, of course the UX is going to be even worse than it already. I have accepted patches by mail, & honestly it was easier (small changes, with no feedback required).
But your comment ignored Gerrit, ForgeFed… you could use a decentralized sync system like Radicle.
@taladar Discussed in other threads here - forgejo.org is implementing forgefed which will do this, it's a work in progress, monthly reports here https://forgejo.org/tag/report/
Forgefed seems to be ActivityPub based which, judging by Lemmy, doesn't solve the redundancy issue at all, it just allows you to interact with the content hosted in a single place from your own single place, giving you two single points of failure and two points where you can be tracked instead of one. This is not really the same kind of distributed as git repositories.
@taladar
"two single points"
Ok that got me, I have no response.
The term "single point of failure" means that only that point has to fail for the entire system to become unusable. You can easily have more than one of those in a system though.
@taladar Emphasis on "entire system".
Yeah, the whole commenting won't work if the server where the repo is hosted fails or the server where the person has an account. There is no redundancy.