I am missing a party in this discussion: The role of the github monoculture. Because all these repos are hosted by the same party, one lawyer writing one letter can cause global disruption.
Github did nothing wrong here. They got an important, maybe controlling share of the market by creating a great product. While they might have a monopoly, I see no abuse of it.
But that's irrelevant for the rest of the world. The simple existance of the monoculture makes all of us vulnerable to attacks.
The GH monoculture isn't great, but it's less of a problem than other monoculture threats we've faced, due to git's distributed nature. Thus far GH has not changed git itself, and since every repository is canonical, it's easy to change what the "main" repository is at the snap of a finger. Self host, move to sr.ht, whatever.
I try to think of GH as a convenient mirror service that happens to provide a lot of discoverability. Nice, but in no way essential.
This is only true if you don’t use GitHub for reviews/issue tracking/etc. You’re correct that it’s trivial to move the code, but that’s only a fraction of the critical history and tooling for a large collaborative project.
True, but I've seen many projects that use both GitHub and JIRA (i.e. not BitBucket). Those work totally fine for issue tracking, project management, etc. It's the same amount of friction for what you're proposing. The main thing you are missing out on is a UI for merging and PRs, which is nontrivial but not a moat that can keep a monopoly afloat.
Of course if JIRA shut down that'd be annoying too, but I could re-create my project in another project manager.
To me, the bigger impact is things like GitHub Actions and your CI/CD pipeline. Issue tracking and PRs don't seem like big issues to me.
> To me, the bigger impact is things like GitHub Actions and your CI/CD pipeline.
Sure, and these are definitely important – but your project isn't directly threatened if they are pulled out from under you. You'll just be operating with degraded CI quality for a while.
It feels like there's a missing product to go with git: a free and distributed issue management and review system. GitHub should be a view on the data rather than the sole owner of the data
There is git-bug ( https://github.com/MichaelMure/git-bug ). Not at the same level as Bugzilla, but usable. Issues are stored in hidden branches in the git repo itself.
I get emails for all comments and PRs. It would be annoying to lose the GH interface but not repo ending. Allowing issues or pulls to exist only on GH is equivalent to having only a single copy of a something important on an old laptop. Basic backups of any kind solves this issue.
I believe iTerm uses GitLab for issues and GitHub for source control. GitHub issues didn't have a core feature they needed issues, but it was already canonical for code.
Well they have changed Git, but it has been in a mostly open and upstream way, though they have used their market dominance for force changes inside of the Git project "google style" where by they tell upstream what they are doing and if upstream wants to continue to be "Github compatible" well upstream better adopt it as well....
Also the idea that mono-culture is less of a threat because git is a DVCS ignores all of the data in issues, wiki, network effect, and all of the other non-git things that make up github, none of these are distributed or really portable and for many projects this makes them decidedly not a "mirror service with discoverability"
> where by they tell upstream what they are doing and if upstream wants to continue to be "Github compatible" well upstream better adopt it as well....
Do you have an example of this? This seems like it would be a hard sell as there haven't been many (any?) breaking changes to Git itself in a long while.
Well they have changed Git, but it has been in a mostly open and upstream way, though they have used their market dominance for force changes inside of the Git project
Where are you setting up Gitea and Drone that is protected against DMCA requests? Any US-based host will happily act on DMCA requests.
What I'm familiar with is using PRQ (of TPB fame) + Njalla (by TPB co-founder, Peter Sunde), PRQ provides the machines and Njalla the domain, both pro-privacy and will fight claims to protect you, if you're only breaking "piracy" laws (digital ones).
There ain't no stopping the DMCA train. I started hosting my own code at gopherworks.io if you want to see what that roughly looks like.
My idea is that, as I said, I can't stop the DMCA train but it's a whole lot harder to take on thousands of small Giteas and SourceHuts than it is to open a pull request on GitHub. We can get the meta-wins of GitHub later by designing some aggregators that talk to Gitea and SourceHut in efficient ways in the future, but for now the pressing matter is to decentralize code hosting, in my view.
Thanks for that link! I've been pondering these things on my own for quite a bit. Seems like there's a quorum of like-minds now, so I guess I should probably join the discussion.
While that would work for most text transfers (or otherwise low-bandwidth usage), many other use cases would be near impossible to get to work with good performance over Tor. Think video hosting and similar.
Use vm to to connect to vpn to purchase vps hosting in a foreign country with good internet outside the jurisdiction of U.S. Maybe do some research to see if hosting provider has a history of complying with U.S. laws or cooperating with U.S. law enforcement.
A federated code hosting platform would solve this problem. Having an account on one and being able to create issues or merge requests on others, would make getting away from Github much easier.
Right now, any other self-hosted code-host needs you to sign-up or use OAuth2, which frankly is quite annoying. Whoever suggests mailing lists should really get with the times. It is not a fun experience in the slightest.
It's really quite strange that issues aren't able to be just cloned/PR-ed like the rest of a git project. But I guess it protects git hosts to keep that [ironic] difficulty in propagation in.
Github did nothing wrong here. They got an important, maybe controlling share of the market by creating a great product. While they might have a monopoly, I see no abuse of it.
But that's irrelevant for the rest of the world. The simple existance of the monoculture makes all of us vulnerable to attacks.