this post was submitted on 16 May 2024
160 points (86.0% liked)

Open Source

31111 readers
286 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

As you can easily notice, today many open source projects are using some services, that are… sus.

For example, Github is the most popular place to store your project code and we all know, who owns it. And not to forget that sketchy AI training on every line of your code. Don't we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.

Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, that you can easily self-host or use public instances.

So, my question is: if you are building a FLOSS / privacy related project, why using proprietary and privacy invasive tools?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 5 months ago (1 children)

@mormund It's not about the privacy of the code, but the privacy of the users clicking on github and then reading some news. They aggregate behavioral data about you.

> the only thing that can be lost are issues and pull request histories

"Only"?? That's a HUGE problem. That's exactly one of the walls keeping people inside github. Git protocol could distribute that, but it doesn't suit the commercial platform's interests -> go to open platforms instead.

[–] [email protected] 5 points 5 months ago (2 children)

Can you name an open platform that actually does distribute PRs and issues? I know there were a few that tried but I mean one that actually succeeded and is usable by people who just want to report a bug?

Also, your issues and pull requests are much more likely to be lost in your self-hosted one project instance than on GitHub if anything happens to you.

[–] [email protected] 4 points 5 months ago (1 children)

@taladar Discussed in other threads here - forgejo.org is implementing forgefed which will do this, it's a work in progress, monthly reports here https://forgejo.org/tag/report/

[–] [email protected] 3 points 5 months ago (1 children)

Forgefed seems to be ActivityPub based which, judging by Lemmy, doesn't solve the redundancy issue at all, it just allows you to interact with the content hosted in a single place from your own single place, giving you two single points of failure and two points where you can be tracked instead of one. This is not really the same kind of distributed as git repositories.

[–] [email protected] 1 points 5 months ago (1 children)

@taladar

"two single points"

Ok that got me, I have no response.

[–] [email protected] 4 points 5 months ago (1 children)

The term "single point of failure" means that only that point has to fail for the entire system to become unusable. You can easily have more than one of those in a system though.

[–] [email protected] -2 points 5 months ago (1 children)
[–] [email protected] 3 points 5 months ago

Yeah, the whole commenting won't work if the server where the repo is hosted fails or the server where the person has an account. There is no redundancy.

[–] [email protected] 0 points 5 months ago (1 children)

The pull request model is broken so why care about its replication? Send patches to a mailing list, ask for Gerrit, hopefully ForgeFed can be a thing sooner than later.

[–] [email protected] 0 points 5 months ago (1 children)

Talking about PRs being broken and then bringing up email, just about the most broken technology still in wide-spread use, is sort of ironic.

[–] [email protected] 0 points 5 months ago

It’s as broken as you make it—but if the Google started top posting for everyhing & everything is done thru the web, of course the UX is going to be even worse than it already. I have accepted patches by mail, & honestly it was easier (small changes, with no feedback required).

But your comment ignored Gerrit, ForgeFed… you could use a decentralized sync system like Radicle.