Not only GNU projects, but also entire distributions. Void Linux, for example, is still on GitHub! I hope so much that they will turn to Forjego, Codeberg or Gitea.
Thank you for mentioning SourceHut as another option - I didn’t know about it. In my opinion, it doesn’t matter whether Void Linux or other distributions choose Forgejo or another platform, as long as they move away from Microsoft-controlled GitHub. Doing so would reduce the risk of corporate influence and give them greater independence, even if I fully understand that it would also mean more work.
They bombarded my mailbox with alt right nazi spam. It was an obvious data breach but they keep saying ”no user data was compromised”. Who’s gonna believe that?
I thought it was just bots spamming comments on issues. See blog.codeberg.org/we-stay-strong-against-hate-and…
Also I would believe that since codeberg is run by volunteers in a non-profit organization.
I agree with what you’re saying, that the attack didn’t require any data breach to take place, but I do have one slightly pedantic point.
Codeberg being non-profit does not make the employees “volunteers”. They are normal employees and take a wage like working for any other company. What’s different is that any excess revenue over costs must be used to continue the company’s objectives and is not able to be taken by the company owners as profit.
You have to think of them more like a club rather than a non-profit company. Their legal form “eingetragener Verein” does mean “registered club”.
Basically, here in Germany, you can register a non-profit club and then you get exempt from taxes. And folks who donate to your club can also get that donation exempt from their taxes.
I guess, kinda? In my head, a Verein is definitely more of a hobby/socialising thing, but I do have to say that “club” certainly doesn’t feel impactful enough. Like, Germany as a whole would fall apart, if you took the Vereine away.
For example, the Red Cross is an e.V. here. There’s e.V.s that support the local voluntary firefighters (although those are also organized by the municipality). We’ve got big-ass nature preservation e.V.s that do really important work in suing awful corporations. Local sports organizations and orchestras and whatnot are also organized as e.V.s. And perhaps the most relevant in this community is the KDE e.V., which helps organize/assist the wider KDE community.
So, yeah, some of them definitely do work that one might expect from a charity…
Oinks@lemmy.blahaj.zone
on 14 May 08:30
nextcollapse
How was it an obvious data breach? The attack was done via Codebergs notification system. It’s no different from the notification you got from me writing this comment.
priapus@sh.itjust.works
on 14 May 12:37
nextcollapse
How is that an obvious databreach? It was just bot spam, something every single public site has had issues with.
That spam was a troll who found a loophole in the notification system. It was obviously not a data breach. That’s clear to anyone who’s worked with software databases or web servers.
As a guix user and package maintainer I’m ecstatic.
I’m so proud of the community for rallying around the needs and pain points of everyone and making this decision. This reduces so many pain points for a guix user and will hopefully smooth out the package maintenance process a great deal. Email is simple but trying to do code change communication over it can be very complex and time-laborous.
If you’re curious about functional packaging systems grab guix on your distro and give it a try!
Special shout out to anyone burnt out on Nix lang. Come feel the warm embrace of Scheme’s parentheses. :)
It would have been better to self host forgejo, rather than trusting a cloud git service using forgejo. But to be honest, its TOS, as well as the sourcehut’s TOS which I even like it better, sound way better than GH’s…
Yes it’s ToS, and also its structure - it’s basically a non-profit club rather than a for-profit business like GitHub (now owned by M$), which means it isn’t prone to enshittifying.
I guess there was an attempt to move away from the email flow, to allow more people to contribute (I read that was part of the motivation), perhaps that made sourcehut (although it’s in their plan, it hadn’t become their highest priority) not an option, however both can be self hosted (that’s what I would have expected from an organization as the Guix one, so that there’s no dependency on a cloud service, as good as it might be), and both have really good TOS and are non profit. But cloud services are still something its users/clients do not really own. Perhaps as I understood, savannah will still be used as a mirror, but not just temporally, rather for good, so that if something happens on the cloud, there’s plan B available… That’s why for such big and important project I would have preferred a self hosted service. But oh well, I’m not part of the decision, and not an user yet, hopefully to become one later on when getting some minimal understanding of both guile and guix configuration (still guile but I believe simpler), because no matter the distro I always have to write and maintain a few packages myself. Hopefully at some point doesn’t become never having the time to do so, hehe.
So all in all yes, the two best cloud options by far, but I’m surprised a Guix instance was not chosen, not sure if even considered.
I agree to some degree but the gnu project doesn’t have a great track record for performative hosting (savannah is very prone to going down for long periods of time.)
I don’t begrudge better hosting infrastructure from a different non-profit.
threaded - newest
More GNU projects need to do this
Not only GNU projects, but also entire distributions. Void Linux, for example, is still on GitHub! I hope so much that they will turn to Forjego, Codeberg or Gitea.
True or maybe even sourcehunt
Thank you for mentioning SourceHut as another option - I didn’t know about it. In my opinion, it doesn’t matter whether Void Linux or other distributions choose Forgejo or another platform, as long as they move away from Microsoft-controlled GitHub. Doing so would reduce the risk of corporate influence and give them greater independence, even if I fully understand that it would also mean more work.
Yw
Codeberg just sketchy …
Why?
They bombarded my mailbox with alt right nazi spam. It was an obvious data breach but they keep saying ”no user data was compromised”. Who’s gonna believe that?
I thought it was just bots spamming comments on issues. See blog.codeberg.org/we-stay-strong-against-hate-and… Also I would believe that since codeberg is run by volunteers in a non-profit organization.
I agree with what you’re saying, that the attack didn’t require any data breach to take place, but I do have one slightly pedantic point.
Codeberg being non-profit does not make the employees “volunteers”. They are normal employees and take a wage like working for any other company. What’s different is that any excess revenue over costs must be used to continue the company’s objectives and is not able to be taken by the company owners as profit.
No. Codeberg is run by volunteers. AFAIK Codeberg e.V. has only one part time employee blog.codeberg.org/letter-from-codeberg-we-are-now…
You have to think of them more like a club rather than a non-profit company. Their legal form “eingetragener Verein” does mean “registered club”.
Basically, here in Germany, you can register a non-profit club and then you get exempt from taxes. And folks who donate to your club can also get that donation exempt from their taxes.
So more like a charity status?
I guess, kinda? In my head, a Verein is definitely more of a hobby/socialising thing, but I do have to say that “club” certainly doesn’t feel impactful enough. Like, Germany as a whole would fall apart, if you took the Vereine away.
For example, the Red Cross is an e.V. here. There’s e.V.s that support the local voluntary firefighters (although those are also organized by the municipality). We’ve got big-ass nature preservation e.V.s that do really important work in suing awful corporations. Local sports organizations and orchestras and whatnot are also organized as e.V.s. And perhaps the most relevant in this community is the KDE e.V., which helps organize/assist the wider KDE community.
So, yeah, some of them definitely do work that one might expect from a charity…
How was it an obvious data breach? The attack was done via Codebergs notification system. It’s no different from the notification you got from me writing this comment.
How is that an obvious databreach? It was just bot spam, something every single public site has had issues with.
That spam was a troll who found a loophole in the notification system. It was obviously not a data breach. That’s clear to anyone who’s worked with software databases or web servers.
.
Thats awesome news for both parties.
As a guix user and package maintainer I’m ecstatic.
I’m so proud of the community for rallying around the needs and pain points of everyone and making this decision. This reduces so many pain points for a guix user and will hopefully smooth out the package maintenance process a great deal. Email is simple but trying to do code change communication over it can be very complex and time-laborous.
If you’re curious about functional packaging systems grab guix on your distro and give it a try!
Special shout out to anyone burnt out on Nix lang. Come feel the warm embrace of Scheme’s parentheses. :)
It would have been better to self host forgejo, rather than trusting a cloud git service using forgejo. But to be honest, its TOS, as well as the sourcehut’s TOS which I even like it better, sound way better than GH’s…
Yes it’s ToS, and also its structure - it’s basically a non-profit club rather than a for-profit business like GitHub (now owned by M$), which means it isn’t prone to enshittifying.
I guess there was an attempt to move away from the email flow, to allow more people to contribute (I read that was part of the motivation), perhaps that made sourcehut (although it’s in their plan, it hadn’t become their highest priority) not an option, however both can be self hosted (that’s what I would have expected from an organization as the Guix one, so that there’s no dependency on a cloud service, as good as it might be), and both have really good TOS and are non profit. But cloud services are still something its users/clients do not really own. Perhaps as I understood, savannah will still be used as a mirror, but not just temporally, rather for good, so that if something happens on the cloud, there’s plan B available… That’s why for such big and important project I would have preferred a self hosted service. But oh well, I’m not part of the decision, and not an user yet, hopefully to become one later on when getting some minimal understanding of both guile and guix configuration (still guile but I believe simpler), because no matter the distro I always have to write and maintain a few packages myself. Hopefully at some point doesn’t become never having the time to do so, hehe.
So all in all yes, the two best cloud options by far, but I’m surprised a Guix instance was not chosen, not sure if even considered.
I agree to some degree but the gnu project doesn’t have a great track record for performative hosting (savannah is very prone to going down for long periods of time.)
I don’t begrudge better hosting infrastructure from a different non-profit.
Sounds like it would be nice if Savannah offered Forgejo hosting.