I understand that many projects have been locked in as a result of a choice made in the past.

However, it makes little sense to me to see new, interesting projects to opt for while there are less unethical code hosting platforms out there.

@dimitrisk @rysiek for me, it's discoverability: I use shitty GH code search a lot. I think I'd get a lot less contributors in a private Gitea instance. I hope that these impediments will be solved in the future.

@astro
I actually pulled my code off of GitHub (and archived it there) since I got no contribution whatsoever.

Not surprisingly when you consider that the median number of maintainers is 1.

Working across different Gitea instances is an interesting subject.
I was wondering whether WebMention or so could be used for the communication part.

Or we go back to classical mailing lists with all their downsides.
@dimitrisk @rysiek

Follow

@rysiek @RyunoKi @astro @forgefriends @forgefed

Wrt discoverability, I suppose that large projects do not desperately need to be discoverable.

Small and single-person projects may benefit from the community culture present in non big-tech, platforms as well, instead of being lost in the github crowd.

· · Web · 2 · 6 · 6

@dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed I tend to agree: knowing the vast majority of internet search go through Google, it would be surprising that discovering software projects is predominantly dependent on GitHub.

@dachary @dimitrisk @rysiek @RyunoKi @forgefriends @forgefed codesearch could be a neat niche for every search provider, eg duckduckgo

@astro
I was about to suggest writing an Instant Answer plugin for it:
help.duckduckgo.com/open-sourc

But it appears DuckDuckHack switched to maintenance mode for the time being
@dachary @dimitrisk @rysiek @forgefriends @forgefed

@lwriemen
Actually npm appears quite prominent (acquired by GitHub before they in turn were bought up by Microsoft)
@astro @dachary @dimitrisk @rysiek @forgefriends @forgefed

@dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed Discoverability? Who just wanders around GitHub looking for projects? I've literally never done that and can't imagine why I'd bother.

@be @dimitrisk @RyunoKi @astro @forgefriends @forgefed that's kind of my internal reaction too, but I've learned that my lack of imagination is not a great proof that something isn't a thing. 😉

@malte @be @dimitrisk @RyunoKi @astro @forgefriends @forgefed

I do that too sometimes, i.e. to find new #ActivityPub projects to add to the #delightful lists at codeberg.org/fediverse

Wrt network effects mentioned by @rysiek I want to call on everyone, technical-minded or not to check out #forgefriends community. It is co-shared by multiple projects, open and welcoming.

With federation we can open the ecosystem for the entire Free Software Development Lifecycle, where Github is so dominant.

@malte @be @dimitrisk @RyunoKi @astro @forgefriends @forgefed @rysiek

Oh, I'll place a link to the #forgefriends community:

forum.forgefriends.org

Dedicated to bringing code forges to the #Fediverse and with 2 free software projects working on that currently:

forgefriends.org

forgeflux.io

Also note that @gitea will be working on federation, hopefully in close collaboration and maybe see themselves as part of "forge friends" movement to grab the opportunities that exist.

@be I'm not too fond of it, but it works for me. I'd be happy to know alternatives, if they exist.

@be @dimitrisk @rysiek @RyunoKi @astro @forgefed Just the other day I searched GitHub for a particular vulnerability and mass opened issues on all of their repos that way, the few projects that didn't use GitHub were much harder to track down the vulnerability and figure out how to report it.

Personally I host all my code on my own gitea and GitHub and they link to each other.

@moparisthebest

Regarding the reporting I would advocate for SECURITY.md files, e.g. snyk.io/blog/add-a-security-md

Mass scan would require some kind of @MetaGer but for code.
Some way to register one's search.

@forgefed @dimitrisk @rysiek @be @astro

@moparisthebest
Try doing that, privately.

We know people don't like to hear this but if a project is exclusively on Github (or CloudFlare GitLab) then its not ethical.

Thankfully, Gargron is fairly easily contactable from outside Github. Thankfully many BTC devs are easily contactable, this is **not** the case for all projects — and big ones.

Some have really created a #unwelcoming and we argue unethical #walledGarden on those platforms.

@forgefed @dimitrisk @RyunoKi @rysiek @be @astro

@be @dimitrisk @rysiek @RyunoKi @astro @forgefriends @forgefed You know where I do wander around in. AptGet!

At least then I know there's enough curation to assure me those projects are alive and still functional on the latest systems!

If it's not in Debian, I like asking whether anyone would actually recommend the project.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!