cross-posted from: https://lemmy.ml/post/15691030
As you can easily notice, today many open source projects are using some services, that are… sus.
For example, Github is the most popular place to store your project code and we all know, who owns it. And not to forget that sketchy AI training on every line of your code. Don’t we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.
Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, that you can easily self-host or use public instances.
So, my question is: if you are building a FLOSS / privacy related project, why using proprietary and privacy invasive tools?
Because foss is usually not the easiest option. In fact it’s often quite difficult to maintain. So not only creating foss but then hosting your projects on foss is not tenable. Where does the line get drawn? OK you’re running forgejo. Are you running it on infrastructure that you control? You don’t control the DNS, you don’t control the ISP, you don’t control the fiber, you don’t control most of the stack. Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway, so who controls the platform doesn’t matter in the slightest.
Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,
Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn’t bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.
So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you dob’t even need to make an account.
And it’s not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.
Gitlab is crazy. They require my phone number and credit card details just to create an account.
deleted by creator
This makes this platform next to impossible to recommend to users outside of the US, since credit cards are very uncommon in e.g. Europe.
Maybe debit card would also work, but why they need this info at all? I wanted to create new issue for app, but Gitlab required card details. I had to write to the developer in Matrix.
And not to forget that sketchy AI training on every line of your code.
I don’t mind AI learning from my open-source code that much. However, my concern is that open-source projects on GitHub are not as easily accessible to AIs other than Copilot and OpenAI, which does not allow for fair competition.
That said, I do have a good impression of Codeberg. When they become federated, I might finally jump ship from GitHub.
The biggest factor to me is developer attention. I had a project on gitlab and pushed a README.md with a link to the gitlab instance into github. I got about 10 times more reactions from github, incl. PRs (where the person had grabbed the code from gitlab and did a PR on github anyway) – even in this setup. Mirroring a project to github tilts that even further.
Not being present on github means a lot less users and contributors. As long as that stays this way there is no way around github.
I hope federated forges can move some attention away from github, making other forges more visible… but I am not too optimistic :-(
Running my large project on gitlab I have no shortage of contributors, just painful sometimes to get people to register on gitlab due to account verification with credit card or phone number
GitLab has gone downhill over the past several years to the point I cannot recommend it anymore. Requiring a credit card is a kick to the face of younger devs wanting to get their feet wet in open source. The CI minutes that free accounts and FOSS projects get is insultingly pathetic. Their open source program that you have to apply for is intentionally annoying, requiring you to manually get re-approved yearly and the benefits only work for FOSS projects under a group, not a personal account. It’s tolerable if you self-host your own runners and forget their shit excuse for a managed CI exists, but I’m also running into this super annoying issue where I get signed out of Gitlab almost daily and have to re-login and enter a verification code from my email. I have my project mirrored to Codeberg and if Codeberg had better CI I’d move completely, even if it were self hosted. Gitlab has gone way downhill since I moved to them after MS bought Github.
