Follow

I understand that many projects have been locked in as a result of a choice made in the past.

However, it makes little sense to me to see new, interesting projects to opt for while there are less unethical code hosting platforms out there.

@dimitrisk I’m having this debate recently with folks starting new projects, and their arguments are:
- to get the biggest audience/community they want to go with the “standard” where most other popular projects are
- (from managers) when using open source to recruit, again there is a desire for the visibility of GitHub, because most candidates will look at the company’s presence there.
Not saying I agree but that’s where people are.

@dimitrisk @rysiek for me, it's discoverability: I use shitty GH code search a lot. I think I'd get a lot less contributors in a private Gitea instance. I hope that these impediments will be solved in the future.

@astro @dimitrisk but you are also the flipside of your own reason to be on GitHub: the reason more contributors are present on GitHub is because there are more projects there.

Network effect.

@rysiek @dimitrisk I am missing a code search service that works across sites.

The search experts at Google offered that once but canned it like they always do with actually useful products.

@astro
I actually pulled my code off of GitHub (and archived it there) since I got no contribution whatsoever.

Not surprisingly when you consider that the median number of maintainers is 1.

Working across different Gitea instances is an interesting subject.
I was wondering whether WebMention or so could be used for the communication part.

Or we go back to classical mailing lists with all their downsides.
@dimitrisk @rysiek

@rysiek @RyunoKi @astro @forgefriends @forgefed

Wrt discoverability, I suppose that large projects do not desperately need to be discoverable.

Small and single-person projects may benefit from the community culture present in non big-tech, platforms as well, instead of being lost in the github crowd.

@dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed I tend to agree: knowing the vast majority of internet search go through Google, it would be surprising that discovering software projects is predominantly dependent on GitHub.

@dachary @dimitrisk @rysiek @RyunoKi @forgefriends @forgefed codesearch could be a neat niche for every search provider, eg duckduckgo

@astro
I was about to suggest writing an Instant Answer plugin for it:
help.duckduckgo.com/open-sourc

But it appears DuckDuckHack switched to maintenance mode for the time being
@dachary @dimitrisk @rysiek @forgefriends @forgefed

@lwriemen
Actually npm appears quite prominent (acquired by GitHub before they in turn were bought up by Microsoft)
@astro @dachary @dimitrisk @rysiek @forgefriends @forgefed

@dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed Discoverability? Who just wanders around GitHub looking for projects? I've literally never done that and can't imagine why I'd bother.

@be @dimitrisk @RyunoKi @astro @forgefriends @forgefed that's kind of my internal reaction too, but I've learned that my lack of imagination is not a great proof that something isn't a thing. 😉

@malte @be @dimitrisk @RyunoKi @astro @forgefriends @forgefed

I do that too sometimes, i.e. to find new #ActivityPub projects to add to the #delightful lists at codeberg.org/fediverse

Wrt network effects mentioned by @rysiek I want to call on everyone, technical-minded or not to check out #forgefriends community. It is co-shared by multiple projects, open and welcoming.

With federation we can open the ecosystem for the entire Free Software Development Lifecycle, where Github is so dominant.

@malte @be @dimitrisk @RyunoKi @astro @forgefriends @forgefed @rysiek

Oh, I'll place a link to the #forgefriends community:

forum.forgefriends.org

Dedicated to bringing code forges to the #Fediverse and with 2 free software projects working on that currently:

forgefriends.org

forgeflux.io

Also note that @gitea will be working on federation, hopefully in close collaboration and maybe see themselves as part of "forge friends" movement to grab the opportunities that exist.

@be I'm not too fond of it, but it works for me. I'd be happy to know alternatives, if they exist.

@be @dimitrisk @rysiek @RyunoKi @astro @forgefed Just the other day I searched GitHub for a particular vulnerability and mass opened issues on all of their repos that way, the few projects that didn't use GitHub were much harder to track down the vulnerability and figure out how to report it.

Personally I host all my code on my own gitea and GitHub and they link to each other.

@moparisthebest

Regarding the reporting I would advocate for SECURITY.md files, e.g. snyk.io/blog/add-a-security-md

Mass scan would require some kind of @MetaGer but for code.
Some way to register one's search.

@forgefed @dimitrisk @rysiek @be @astro

@moparisthebest
Try doing that, privately.

We know people don't like to hear this but if a project is exclusively on Github (or CloudFlare GitLab) then its not ethical.

Thankfully, Gargron is fairly easily contactable from outside Github. Thankfully many BTC devs are easily contactable, this is **not** the case for all projects — and big ones.

Some have really created a #unwelcoming and we argue unethical #walledGarden on those platforms.

@forgefed @dimitrisk @RyunoKi @rysiek @be @astro

@be @dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed You know where I do wander around in. AptGet!

At least then I know there's enough curation to assure me those projects are alive and still functional on the latest systems!

If it's not in Debian, I like asking whether anyone would actually recommend the project.

@rysiek @RyunoKi @astro @dimitrisk ah, my bad. posts weren't federating.

regardless, there doesn't seem to be any actual progress being mentioned on the @forgefriends account, and what we said earlier remains true for @forgefed, so the point still stands.

@dachary
Woah, that article touches so many points I had in mind that I will go over it and follow the links.

Thanks for sharing!
@rysiek @snailerotica @astro @dimitrisk @forgefriends @forgefed

@astro @rysiek @dimitrisk if you *have to* have you code discoverable on GH, just use GH only as mirror of your repo elsewhere. I 'm doing the oposite too: create on my gitea mirror of everything i notice as interesting on GH.

@dimitrisk The majority of people has a github account, if you want to get them involved, you need to be there.

@gcrkrause I get your point. However, we have this discussion on the fediverse instead of twitter or facebook, after having found an instance and created a new account here, while most people just use the big social platforms.

Let's say now that you are a contributor and you feel that there is a contradiction between making foss and using github. How much of a burden is to create a new account?

@dimitrisk lets imagine users want to file an issue. They are pretty diversive, some might just not understand how another platform works, some might rely on special accessibility tools... Now imagine some devs, who earn some money each month with github sponsors, who cannot effort to rent their own infrastructure... I guess the effort is quite low in the average but high in the median

@gcrkrause @dimitrisk Honestly? There is also new account fatigue for some of us. Like, I get it that this part of the web is decentralized, but I'm also tired of creating new accounts. An ideal would be to pipe the 2 together while encouraging others use more ethical alternatives. And, of course, accessibility needs. Big tech is far, far, better about that than most would care to admit.

@weirdwriter yes, this is an important thing as well, thank you for the addition! Real decentralisation requires using of a service without creating an account there. I guess mailing patches kind of solves this issue, but its a workflow barely anyone supports and is slightly harder to lern than filing a merge request. @dimitrisk

@gcrkrause @dimitrisk granted, it’s much easier to delete accounts over here than it is on the mainstream, but just the sheer notion of keeping up with multiple accounts, really does not appeal to me at all like it used to. Maybe this comes from weeks of me trying to delete myself from the mainstream web, and old services I used to use but no longer use. It’s really made me change my view on having multiple accounts just to use a new service.

@dimitrisk I moved all my repositories from Github to a gitlab. It's some work, but it's doable. So, even if you choosed Github in the past, it is not forever.

I documented the migration (in french) bortzmeyer.org/github-to-gitla

@dimitrisk In what way is GitHub unethical? I now lots of people dislike the M$ ownership, but is there something more sinister which I've missed?

@underlap @dimitrisk People often cite its proprietary nature, the increasing commercialization of it, and the fact that it has worked with ICE.

I personally avoid it because it's a walled garden situation.

@josias @dimitrisk Thanks. What's ICE?

Not sure about GitHub being a walked garden as I can fork a repo freely. But maybe GitHub actions etc. are thought to impede this by creating build-time dependencies.

@underlap @dimitrisk ICE is the United States Immigration and Customs Enforcement, i.e. the enforcement behind the US border and those considered responsible for the what happens there (I'm not comfortable discussing this further here).

Regarding the walled garden:
You can fork and clone repos from GitHub freely, but issues and other GitHub-specific features (organizations, discussions, teams, etc.) are not portable or standardized.

(@forgefriends is trying to fix this with Gitea, etc)

@dimitrisk Until we have federation for the others, the network effect is still too strong. You don't want to register on a new instance every time you just intend to comment on some issue somewhere. You need to be able to do that with either the existing account of your home instance, or via some portable identity/DID.

@dimitrisk Oh man, I love Github. What did they do that was unethical?

@calligraffiti @dimitrisk @LovesTha Embrace+extend => Vendor lock-in ("network effect")

1. Develop LFS, which relies on a central server, instead of building on the pre-existing git-annex, which allows you to sync data between multiple git hosts with annex support
2. Promote Releases over tags, where Releases live on github instead of in the repo
3. Promote github in a way that makes newcomers believe it is synonymous with git
4. Manage issues outside git and put rate limiters that are preventing e.g. gitea from migrating their project off github to their own hosting with issues intact
5. Only allow PRs from repos that were github-forked from the upstream repo, once again promoting github-chokepoint workflows over git-native workflows

@clacke @dimitrisk @calligraffiti And I think only one of those I would naturally fall into (4), and I'd be happy to abandon issue history to move if it made sense.

@clacke @dimitrisk @LovesTha You should write an article, 'Steps to Insuring Your Repo Stays Portable'

Thank you! Very good to know. What do you use for your git repos? And do you still maintain Github repos? Seems like Github has become a code search engine on top of everything else.

@calligraffiti I was on gitorious, then gitlab.com after the gitoriocalypse, now codeberg. I have stuff on github where others made the choice, but then I mirror on codeberg and/or gitlab.com.

@dimitrisk @LovesTha

@dimitrisk how does the lock in work? Just that moving issues etc is hard?

@dimitrisk I believe it's primarily about ease of use, discoverability and features. it'd be nice if something like a federated Git existed. Gitea is planning to implement that, but unfortunately it uses the heavy Matrix protocol and I don't think that'd be viable at all

@clacke @dimitrisk @forgefed @gitea @forgefriends I did see something about using Matrix for discussions/issues though

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!