this post was submitted on 05 Mar 2024
70 points (90.7% liked)

Open Source

31173 readers
124 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Just finished writing out a lengthy comment,
with the up/downsides I can see
on each of the code forges I currently deem promising,
on the Github Discussion "Alternatives to GitHub"

And I was wondering, out of following 2,
which code forge would you guys prefer and why?

top 25 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 8 months ago

Radicle sounds really fun

I'm currently using forgejo, and loving it. But my server's config is stored on the server, so in case my server fails my git is not available to recover the server easily

And radicle looks like a solution

[–] [email protected] 5 points 8 months ago

Radicle in theory. It's P2P with optional larger nodes. Practically, the interface isn't Github 2017, but it's missing continuous integration (which they're working on, I think). The downside I see with radicle is that getting it on nix isn't easy. The version there is outdated and the radicle team kind of works in its own little bubble. They are on Zulip (where Rust is too), but... who uses Zulip? They aren't on the fediverse and don't do any kind of promotion.

However, forgejo is working towards federation with activitypub which should enable it to talk to the rest of the fediverse. However they have been working on it for years now. In some status update I read they were aiming to have something quite stable by the end of the year. Forgejo is more active with regular blog updates, a wellknown host (codeberg) and funding from NGI.

I'd prefer radicle, but realistically, forgejo is going to have a much bigger userbase in 2025 (if things go smoothly).

CC BY-NC-SA 4.0

[–] [email protected] 6 points 8 months ago (1 children)
[–] [email protected] 0 points 8 months ago (1 children)
  • They're on Zulip, not discord: https://radicle.zulipchat.com/
  • They're DAO-funded but there's no crypto in the code (which is Apache and MIT licensed)
  • install by sh is shit, but that's a red flag for a bunch of things: nix, rust, nvm, and a bunch more
[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

They're on Zulip, not discord: https://radicle.zulipchat.com/

I wrote that the community was on discord. And open that link, you will see, discord is literally at the top of the page, the first 3rd party thing that you can see...

Although I will admit that their "radicale" project has no mention of discord, and has a couple links to zulip, discord is likely going to be the preferred platform for many, given how relatively niche zulip is (I never heard of it before, and I have had accounts on matrix, signal, and simplex for years - or months for the latter. To illustrate my point, the zulip app on f-droid is barely more than one year old, while the element app is much older, especially as it was preceded by RiotX before that, which was a rewrite of the original Riot client).

So, while I salute them promoting zulip on the project page, the criticism still stands, as anyone searching for anything a bit more widespread to contact them will only find discord.

They're DAO-funded but there's no crypto in the code

DAOs have nothing to do with funding. It is all about governance. This type of organisation is based on "smart contracts", that are entirely a "blockchain" centric concept, and (AFAIK) rely entirely on ethereum. Aside from the fact that this type of organisation is as fragile as the underlying cryptocurrency, the summary of this video disagrees with you (emphasis mine):

[...] to create Radicle and how it fits into the DAO ecosystem

I hardly see how one can make software "fit into an ecosystem" without a single line of code integrating it with said ecosystem.

install by sh is shit

I think you mean "install by piping the internet to sh". If so, yep. That's a wild understatement, but yep.

If not, well, " install by sh" is literally what the overwhelming majority of package managers do... So... Nope.

that's a red flag for a bunch of things: nix, rust, nvm, and a bunch more

Yep. Although in the case of rust, fortunately, any sane developer will use their OS's package manager, but yep.

[–] [email protected] 6 points 8 months ago

Either is a step in the right direction & it’s weird AF that the author is writing this on Microsoft GitHub to begin with. The pull request model is garbage & wastes a lot of time, but both forges copy it instead of offering better review options (specifically those based on patches). My preference would be not even Git which would be in the neither category. Patch models are good & patch order shouldn’t matter which eliminates an entire class of bugs in dealing with version control. Folks should give Darcs & Pijul a look over their DVCS capabilities even if the forges aren’t too polished.

[–] [email protected] 14 points 8 months ago
[–] [email protected] 6 points 8 months ago* (last edited 8 months ago)

I hadn't heard of radicle. I like that forgejo has CI

[–] [email protected] 41 points 8 months ago (1 children)

Radicle is a solution is search of a problem, while Forgejo is already a solid alternative to Github and once it federates via ActivityPub it will be really awesome.

[–] [email protected] 8 points 8 months ago (1 children)

Are there plans for it? Sounds awesome!

[–] [email protected] 14 points 8 months ago* (last edited 8 months ago) (1 children)

Yes it is being worked on for quite some time already.

[–] [email protected] 10 points 8 months ago (1 children)

Can't wait to review PRs from my Mastodon or Lemmy account 😁

[–] [email protected] 16 points 8 months ago* (last edited 8 months ago) (3 children)

That might be overly optimistic? Someone please correct me if I'm wrong, here.

From my understanding, the main drive behind adding AP federation is to allow users of separate code forges to collaborate on each other's projects, much like how users of lemmy can interact with communities of other lemmy instances. This is big because it could break the "but everyone is on GitHub" problem.

Currently, it's difficult to justify completely leaving GH, since those that do leave behind countless users and developers who won't follow them and create yet-another-account on one-more-website. Federated code forges have the potential to bring easier decentralization to an ironically centralized land.

Keyword here being easier. Because even though Git is already decentralized by design and some think git-send-email is plenty for collaboration (e.g. many Linux maintainers, sourcehut users), it turns out way more people prefer doing their work in pretty web UIs.

But just like lemmy and mastodon aren't great at showing their users content from the other platform because it's not a priority, I don't see why forgejo would prioritize letting lemmy users interact with projects.

[–] [email protected] 1 points 8 months ago

I dont think you'd want to, but I do think it would work if its ActivityPub

[–] [email protected] 5 points 8 months ago (1 children)

Of course! I was just joking.

[–] [email protected] 3 points 8 months ago

My bad, I wasn't sure! Figured it'd be better to waste a little time typing than risk people misunderstanding the context behind the tech.

[–] [email protected] 4 points 8 months ago (2 children)

I agree it shouldn't be the main focus to ensure cross-platform interactions but the beauty of a shared protocol is that they are possible. Like, I use Mastodon and Lemmy but I'm not super fond of either — the fediverse is another deal though. I love the (sometimes hypothetical) interconnectedness of different softwares.

Now, is it going to be a hot mess if/when all fedi users can jump in source repo issues? Absolutely! 🤣

[–] [email protected] 1 points 8 months ago

There's already a guy using his email to post on the fediverse, so I think it'll probably happen at some point!

[–] [email protected] 2 points 8 months ago

One can hope :^)

[–] [email protected] 16 points 8 months ago* (last edited 8 months ago) (1 children)

I don't need or want replication of my private projects to a peer to peer network. That's just extra bandwidth to and from my server, and bandwidth can be expensive. I already replicate my code to two different places I control, and that's enough for me.

I'm not sure who Radicle is for, but I don't think the casual hobbyist looking to self host something like Forgejo would benefit at all from Radicle.

Loading the source code for Radicle on Radicle also seems fairly slow. It seems this distributed nature comes at a speed tradeoff.

With the whole Yuzu thing going on, I can see some benefit to Radicle for high profile projects that may be subject to a takedown. In that respect, it's a bit like "Tor for Git."

I suspect that over time, pirate projects and other blatantly illegal activities will make use of Radicle for anti-takedown reasons. But to me, these two projects solve two different problems, for two different audiences, and are not really comparable.


Edit: There is already enough controversy surrounding Radicle, that, if I were someone looking to host a takedown-resistant, anonymous code repository, I would probably be better served hosting an anonymous Forgejo instance on a set of anonymous Njalla domains and VPSes. The blockchain aspect was already a bit odd, and what I'm now seeing from Radicle does not exactly inspire confidence. I don't think I'll ever use this.

[–] [email protected] 0 points 8 months ago (1 children)

There is already enough controversy surrounding Radicle

LMAO!

Please get rid of: node.js, npm, packages from npm, Electron, svelte. Cargo and crates are also not good. #1469

Are you seriously calling this "controversy"? One dude saying npm is backdoored? 🤣 And he wants them to remove JS from the project as well as rust. My sides. What should they be using? The almighty C?

Amazing. I literally was wheezing while reading the "issue". Thanks for giving me a good laugh.

CC BY-NC-SA 4.0

[–] [email protected] 0 points 8 months ago

I'm not talking about that. I'm talking about this:

I agree with the sentiment here, but all the technologies mentioned allowed us to ship a working application in a timely manner. I think that should always be the first goal. Now that this is out of the way, we can start looking at improving efficiency, security, resilience etc.

"Security Second" is not good messaging for a project like this.

But I'm glad my comment was hilarious to you.

[–] [email protected] 21 points 8 months ago (2 children)

That guy really hates 2fa.

[–] [email protected] 1 points 8 months ago
[–] [email protected] 10 points 8 months ago

Till he gets hacked