dinckelman@lemmy.world
on 29 Jul 2024 23:08
I keep basically all of my shit on Gitlab, so depending on who they sell it to, that might be a goodbye. I’ve really enjoyed the platform, but if it goes into hands of either some clueless business people, data aggregator, or “AI-first” bullshit, i’m migrating to something else.
Every open source license grants permission for AI training, and GitHub copilot by default rejects completions that exactly match code from its training. You can’t pretend to be pro-open source or pro-free software but at the same time be upset that people are using licensed software within its license terms.
Only if you can reasonably argue that the output is the input (even with exact matches over a certain size being auto-rejected), and that it is enough to qualify as a copyrightable work. I’d argue line completions can never be enough to be copyrightable, and even a short function barely meets the bar unless it is considered creative in some way.
corsicanguppy@lemmy.ca
on 30 Jul 2024 08:24
So many errors in what you’ve written aren’t with the fact that one can INSTALL a copy of gitlab and get the CI/CD features, but actually with simple English.
TootSweet@lemmy.world
on 29 Jul 2024 23:34
I’m in the same boat. I migrated all my stuff to Gitlab the day it was announced that Github was being acquired by Microsoft. I hadn’t even really heard of Codeberg at the time. So I migrated to Gitlab.
And it sounds now like there’s a high likelihood I’ll need to move it all again.
dinckelman@lemmy.world
on 30 Jul 2024 00:17
I’ve had my stuff on Gitlab way before that ever even happened, just because I’ve already had issues with the platform before, and knew it would eventually change hands. Shame it’ll likely happen again with this too
Kissaki@programming.dev
on 30 Jul 2024 10:38
I hadn’t even really heard of Codeberg at the time.
TootSweet@lemmy.world
on 30 Jul 2024 15:47
That would explain it.
jlh@lemmy.jlh.name
on 29 Jul 2024 23:40
Come to Codeberg! I’m a member of the co-op and we’re not for sale.
dinckelman@lemmy.world
on 30 Jul 2024 00:16
I’ve been casually taking a look at it for a bit, so it’s definitely on the radar
Edit: Overall i’m happy, at first proper glance, but not having access to even barebones CI is kind of a pain. I can’t really deploy my own at the moment, and having to request access to their own Woodpecker instance is something that seems unlikely to be approved
fmstrat@lemmy.nowsci.com
on 30 Jul 2024 10:51
Codeberg is where I will be next. A nonprofit ownership created because they didn’t like the commercialization of other providers that’s getting more and more popular. Seems like they likely won’t go down this rabbit hole.
mark@programming.dev
on 30 Jul 2024 00:05
You shouldn’t wait because it’s going to happen. I moved all of my projects off of Github and Gitlab, and now self-hosting my own gitea instance. It’s been great and never looked back!
thegreenguy@sopuli.xyz
on 30 Jul 2024 09:05
Btw gitea has been involved in some shit, most of the Devs quit and created Forgejo. AFAIK you can seamlessly switch from gitea without needing to completely reset it.
mark@programming.dev
on 30 Jul 2024 16:01
Oh wow, I didn’t know that! Is there any official statement? Search didn’t turn up anything. I guess I don’t necessarily need to know exactly how it went down, but I wanna be nosy. :D
thegreenguy@sopuli.xyz
on 30 Jul 2024 19:30
NostraDavid@programming.dev
on 31 Jul 2024 18:09
you can seamlessly switch from gitea without needing to completely reset it.
For now; Forgejo is hard forking, which may break things soon.
amju_wolf@pawb.social
on 30 Jul 2024 11:05
It’s funny because despite all the fearmongering about Microsoft’s Github acquisition it feels like it only improved since then, while Gitlab has done a shitton of questionable and shitty decisions, a ton of critical security issues and in general feels like (at best) they don’t know what they are doing.
The only thing Gitlab has going for itself is that it’s self-hostable, but they still retain a large amount of control.
737@lemmy.blahaj.zone
on 30 Jul 2024 12:21
I actually have an account on there with almost nothing, just my nix configuration, plus a repo I cloned to commit a bug fix on software I used. But it seemed like the most responsible solution as in the price is reasonable, plus I actually like the interface. Codeberg also looks good and claims to be better in some regards, but these are the only choices nowadays.
Anyhow, I’m still waiting for Pijul to have a final 1.0 release and independent hosting solutions to appear.
BlameTheAntifa@lemmy.world
on 31 Jul 2024 16:28
Same here. Gitlab CI was a game-changer for me, too. Any thoughts on where else you’d consider going? Aside from GitHub, that is.
dinckelman@lemmy.world
on 31 Jul 2024 16:37
I suspect that in the worst case scenario, i’ll be moving stuff to Codeberg and hosting my own CI to support it
Outsider9042@aussie.zone
on 29 Jul 2024 23:19
Asudox@ani.social
on 30 Jul 2024 00:01
Absolutely.
I’ll self host my own forgejo instance soon.
Outsider9042@aussie.zone
on 30 Jul 2024 02:38
It’s also what codeberg uses under the hood for those that don’t self host.
mesamunefire@lemmy.world
on 30 Jul 2024 04:19
I hope they get true federation up running soon.
Carighan@lemmy.world
on 30 Jul 2024 05:54
For code hosting, doesn’t that just mean you’re self-hosting + others can utilize your space for a backup?
loudwhisper@infosec.pub
on 30 Jul 2024 09:02
I think the benefit of federation is discoverability. I can spin up my gitea or forgejo (or something else!) instance, but when people look for code in their instances, they can still discover my public repositories, and if they want to contribute, they can fork and open PRs from their instances.
So yeah, it means mostly you can selfhost and provide space to others, but with the same benefits that right now github offers (I.e., everything is there).
thegreenguy@sopuli.xyz
on 30 Jul 2024 09:04
Maybe you would be able to disable other users from creating repos.
No, it means people can contribute issues and pull requests to projects on other servers. Repositories would only be created on the server your account is on if I’m not mistaken. I believe it uses activitypub internally, so should work the same as Lemmy/mastodon.
Yes, it uses ActivityPub with the ForgeFed extension.
ace@lemmy.ananace.dev
on 30 Jul 2024 10:41
GitLab has been working on support for ActivityPub/ForgeFed federation as well, currently only implemented for releases though.
Aatube@kbin.melroy.org
on 30 Jul 2024 00:39
I feel like sourcehut really ought to be mentioned more. It federates issue and PRs by email and has a wonderful interface while not having any ads—which is why hosting one's own repo (and their CI and IRC but nothing else) requires $2 a month, unfortunately.
lysdexic@programming.dev
on 30 Jul 2024 05:02
I don’t think it makes any sense to mention source hut because none of the features you mentioned are killer features (or relevant. Why should I care about implementation details of feature tracking?) and it completely fails to address GitLab’s main value proposition: its CICD system.
Anyone can put up any ticketing system. They are a dime a dozen. Some version control systems even ship with their own. CICD is a whole different ballgame. It’s very hard to put together a CICD system that’s easy to manage and has a great developer experience. Not even GitHub managed to pull that off. GitLab is perhaps the only one who pulled this off. A YAML file with a dozen or so lines is all it takes to get a pipeline that builds, tests, and delivers packages, and it’s easy to read and understand what happens. On top of that, it’s trivial to add your own task runners hosted anywhere in the world, in any way you’d like. GitLab basically solved this problem. That’s why people use it.
I use gitlab ci mainly and dabble in github actions. Can you clarify how “Not even Github managed to pull that off”? IIRC, actions is quite featureful and it’s open-source, so I assume that can be run with self-hosted runners as well.
loutr@sh.itjust.works
on 30 Jul 2024 06:48
Yep, at my previous job I moved a pretty complex build system from Jenkins to github actions. It worked fine and was much simpler to maintain.
And yes there are ways to run github actions on your own machine, but I haven’t tried it.
lysdexic@programming.dev
on 30 Jul 2024 14:15
Can you clarify how “Not even Github managed to pull that off”?
GitHub actions has an atrocious user experience, to the point that even a year or so ago people were doubting it was production-ready.
Sure, you can put together a pipeline. But I challenge anyone to try it out with GitHub actions and then just try to do the same with GitLab or even CircleCI or Travis.
The fact that people compare GitHub Actions to Jenkins of all things is everything anyone needs to know about its user experience.
Using email for anything is a non-feature for me. I want nothing to do with that outdated, confusing piece of tech that has been shoved in all sorts of places it doesn’t belong
Aatube@kbin.melroy.org
on 22 Sep 2024 15:44
Since forever. It’s very slow, I’m still not sure replying is actually in the spec or email clients fake it with Re: and then force you to quote the entire history of the conversation back and forth. Also very easy to break if you don’t like the Re: or something. People are constantly replying to the wrong person or persons, sometimes even to themselves. You have weirdly named fields “cc” and “bcc” that are present all the time even though I use them like 4x and 1x a year, respectively. You can’t unsend or delete emails.
And all this is before I get into doing git or calendars over email.
Email is in fact one of the reasons I’m not sure I want the fediverse to succeed right now, because then all the faults of activitypub will be forced on us for centuries, like they are with email.
GrappleHat@lemmy.ml
on 30 Jul 2024 03:27
The chances of a deal are said to be weeks away, if not non-existent.
What kind of non-sentence is that?
holycrap@lemm.ee
on 30 Jul 2024 03:38
It’s an existing sentence if it’s not non-existent.
leisesprecher@feddit.org
on 30 Jul 2024 06:48
Big if true and big.
pelotron@midwest.social
on 30 Jul 2024 05:10
It’s what they most not the least
tatterdemalion@programming.dev
on 30 Jul 2024 06:57
Seems like a perfectly cromulent English sentence to me.
The kind of sentence you write when you’re still 20 words from the target your editor set for the article
red_pigeon@lemm.ee
on 30 Jul 2024 16:09
It means when the author was waiting for his order at Popeyes, the guy in front who did small talk with him introduced himself as a Gitlab employee and told the author “Gitlab might sell in weeks. It is a deal or no deal”
JackbyDev@programming.dev
on 31 Jul 2024 14:12
It feels like it’s saying “if rumors are true, the deal is weeks away.” A reminder that it might not be the case.
0x0@lemmy.dbzer0.com
on 31 Jul 2024 16:16
The chances of the coin flip yielding heads are roughly 50%, if coins don’t not exist.
onlinepersona@programming.dev
on 30 Jul 2024 03:37
Fuck. No other source forge supports groups or orgs with hierarchical projects 🫤 Gitea and Forgejo went hard on being github clones, so they’re off the list. Are there any other alternatives? I don’t want to have to bash together scripts to make something…
dallen@programming.dev
on 30 Jul 2024 06:55
It’s not a dealbreaker for me but I feel your pain. Getting everything organized in Gitlab is a pleasure.
azertyfun@sh.itjust.works
on 31 Jul 2024 13:14
I looked into it after this year’s massive price hike… There’s no meaningful alternative. We’re on the FOSS version of GitLab now (GitLab-CE), but the lack of code ownership / multiple reviewers / etc. is a real pain and poses problems with accountability.
Honestly there are not that many features in Gitlab EE that are truly necessary for a corporate environment, so a GitLab-CE fork may be able to set itself apart by providing those. To me there are two hurdles:
Legal uncertainties (do we need a clean room implementation to make sure Gitlab Inc doesn’t sue for re-implementing the EE-only features into a Gitlab fork?)
The enormous complexity of the GitLab codebase will make any fork, to put it mildly, a major PITA to maintain. 2,264 people work for GitLab FFS (with hundreds in dev/ops), it’s indecent.
Honestly I think I’d be happy if forgejo supported gitlab-runner, that seems like a much more reasonable ask given the clean interface between runner and server. Maybe I should experiment with that…
qjkxbmwvz@startrek.website
on 30 Jul 2024 18:35
Are they “forks” or are they “built on top of”?
NostraDavid@programming.dev
on 31 Jul 2024 18:07
Forgejo used to be built on top of Gitea (soft fork) but since this year have been starting to go their own way, which may break things (hard fork).
technom@programming.dev
on 30 Jul 2024 17:56
Gitlab is very complex and a heavy resource hog. You probably don’t need it. Most small to medium enterprises can comfortably host their projects on lightweight forgejo or gitea (speaking from experience). They even have functionality similar to github actions. If you need anything more complex, you are better off integrating another self hosted external service to the mix.
FizzyOrange@programming.dev
on 31 Jul 2024 16:31
In my experience the other alternatives tend to lack solid CI integration. I have yet to find an open source alternative as good as Gitlab’s.
WolfLink@sh.itjust.works
on 30 Jul 2024 10:06
You can also just make bare got repositories on any server you can ssh into.
Kissaki@programming.dev
on 30 Jul 2024 10:30
make bare got repositories
got it
syscall@programming.dev
on 31 Jul 2024 16:12
Coincidentally, this is what git is short for.
Source: “git” can mean anything, depending on your mood.
In summary, it needs to be a public repo with FOSS code and the README must match the project’s intended goal.
aport@programming.dev
on 30 Jul 2024 13:59
GitLab still doesn’t even support leaving comments on a commit message. Like, what? GitLab and GitHub have all these fancy shiny features but still suck at offering basic code review functionality.
I never understood the appeal.
allywilson@lemmy.ml
on 30 Jul 2024 16:29
I mean, I get it, but that’s also not a thing of git, right? Just because GitHub does something doesn’t mean every other hosting provider needs to. If your code review process is to comment upon specific commits, maybe it’s the code review process that’s wrong?
aport@programming.dev
on 30 Jul 2024 23:01
GitHub doesn’t let you comment on the commit message either. The only one I’ve seen do this properly is Gerrit. And of course regular old mailing list reviews.
There are so many blogs and posts about writing good commit messages, using Conventional Commits, etc, and the two most popular forges don’t even let you comment in-line on the commit message during a review.
0x0@lemmy.dbzer0.com
on 31 Jul 2024 11:41
FizzyOrange@programming.dev
on 31 Jul 2024 21:06
Ohhhhh you can’t comment on a specific line of a commit message. I see. I mean… yeah I guess not. That seems like a super niche feature though. How long are your commit messages? I’ve never even tried to do that. Commit messages are short enough you can pretty much just write a normal message not tied to a specific line.
There are waaaaay bigger issues with Gitlab. Here’s one I ran into recently, you can’t search for pipelines. It’s got a search box and everything but you literally can’t search; only filter. So stupid.
Still, overall it’s the best self-hostable option out there at the moment IMO. I guess Forgejo (truly abysmal name) may overtake it at some point.
starshipwinepineapple@programming.dev
on 30 Jul 2024 14:30
I’ve been meaning to move to codeberg, self hosted forgejo, or sourcehut so this will only accelerate that if things get worse.
Valmond@lemmy.world
on 30 Jul 2024 17:18
I preemptively moved to codeberg, very nice and pro IMO.
JackbyDev@programming.dev
on 31 Jul 2024 14:11
The only “downside” about Codeberg is that (for the most part) you’re only allowed to host projects that are FOSS or projects you intend to make FOSS. (Stuff like personal notes and config files are fine too.)
morbidcactus@lemmy.ca
on 30 Jul 2024 18:41
I just flipped my home git to forgejo from gitlab, gitlab just had a bunch of features I wasn’t using, forgejo was easy to setup and it has a nice interface. I’m just using it for source control right now, still probably huge overkill but eh
How did you set it up? I’ve been wanting to setup forgejo in a docker container but wasn’t sure how easy the process is.
morbidcactus@lemmy.ca
on 30 Jul 2024 20:15
I was originally going to go the docker route but honestly just ended up going the binary route and leaving it using sqlite as it’s good enough for now. It’s pretty well documented and a chunk of the prereqs I already had, like the git user creation.
Did have SSH auth issues though, probably because I didn’t fully cleanup after uninstalling gitlab (oops), had them in parallel for a bit to migrate the repos, gitlab had it trying to use gitlab-shell which didn’t exist anymore. Probably a better/proper solution but what worked was changing the git user’s home directory back to /home/git as gitlab had it using a gitlab config directory. I welcome anyone giving me a better/cleaner solution for this, on my to do list to do some more cleanup.
nullpotential@lemmy.dbzer0.com
on 31 Jul 2024 02:23
Love me some codeberg.
barsquid@lemmy.world
on 30 Jul 2024 19:46
GitLab is a security nightmare, good luck to whoever purchases that.
werefreeatlast@lemmy.world
on 30 Jul 2024 20:00
Elon has entered the chat…how many labs of this git kind can you make for him within 3 months? Can git be somehow monetized?
Eezyville@sh.itjust.works
on 30 Jul 2024 22:42
Could you elaborate? I use Gitlab but I’m not a security expert.
barsquid@lemmy.world
on 31 Jul 2024 00:24
As if that isn’t bad enough, I am pretty sure they have had other incidents.
0x0@lemmy.dbzer0.com
on 31 Jul 2024 11:39
I used to host a Gitlab instance at work. It was dog slow so I started digging into it and discovered they had a serious memory leak in some of their “unicorns,” aka Ruby tasks. Instead of fixing the source of the leak they tacked on a “unicorn killer” that periodically killed tasks. The tasks were supposed to be atomic anyway, so this is technically fine (and maybe a good thing in the long run for correctness a la Netflix’s Chaos Monkey) but I found myself kind of disgusted by the solution. I dropped it and went for a much sparser Git repo web server.
Eezyville@sh.itjust.works
on 31 Jul 2024 12:44
lmao! Man that’s hilarious!
“We have a memory leak that could lead to a security issue. We should do something about it.”
“I made a process that periodically kills those tasks. No one will notice the problem now.”
The unicorn killer will have a memory leak as well. 💀
0x0@lemmy.dbzer0.com
on 31 Jul 2024 12:50
I don’t think memory leaks could ever amount to a security vulnerability, but it just feels yucky. I guess I shouldn’t cast stones, I write C++ at work.
I don’t think memory leaks could ever amount to a security vulnerability
In theory it could, after all there are technically denial-of-service vulnerabilities (not DoS/DDoS attacks, that is something different) according to CVE Numbering Authorities.
0x0@lemmy.dbzer0.com
on 31 Jul 2024 16:13
Maybe I’m misunderstanding you, but DoS is exactly the same thing as “denial of service”.
My point is that memory leaks can only degrade availability; they are categorically distinct from security vulnerabilities.
According to the CVE Numbering Authorities, there can be vulnerabilities that result in service being denied, and they refer to them as a denial-of-service vulnerability. For example, there can be a bug in a program that causes it to crash if you perform a certain set of steps/actions, thus resulting in the service being denied. Whereas traditionally, a DoS/DDoS attack is simply flooding a target with more bandwidth than they have available downstream bandwidth. Sending massive amounts of data to overwhelm a service is not the same thing as finding a unique set of actions to cause the program to crash.
So in theory, yes, a memory leak could amount to and result in a security vulnerability, like if the memory leak is reproducible and so severe it causes a service to crash.
0x0@lemmy.dbzer0.com
on 01 Aug 2024 03:14
Aha, I didn’t realize compromising availability was sufficient for the CVE definition of security vulnerability. Projects I’ve worked on have typically excluded availability, though that may not be the norm.
And I see your point about some exploits being highly asymmetric in the attacker’s favor, compared to classic [D]DoS.
barsquid@lemmy.world
on 31 Jul 2024 15:24
That’s disappointing. They are pretty consistently choosing the wrong thing. I don’t think they know what they’re doing.
Unicorn killer does sound great for testing. If they wrote tests around anything I’d be surprised, though. LOL.
If you don’t need all the user management and whatever else it definitely doesn’t make sense to run their junk.
FizzyOrange@programming.dev
on 31 Jul 2024 15:48
They do have a ton of tests actually. In their defence, if this task is doing Git things then just killing it when it goes badly is probably the best you can do. Git itself is quite buggy if you stray from the most basic setup. I’ve had it almost completely destroy my .git directory in the past when using submodules.
On the other hand, Gitlab itself is an enormous entirely untyped Ruby monster, with extremely difficult to follow code. Not in terms of individual functions - except for the lack of types mean you can’t really know what they do, they are quite clear and well written. The issue is the control flow between parts of the system. It’s difficult to know what calls what, so I’m not surprised they occasionally have to give up.
I had a play with Deno’s Fresh web framework recently (Typescript/TSX but mainly server rendered). IMO it’s light years ahead of other solutions.
You get full amazing Typescript typing, including in templates (unlike Go for example), but unlike React you don’t have to deal with JavaScript tooling or complex client side state management. It’s a real breath of fresh air. (Ha that wasn’t even intentional.)
I thought github is worse than gitlab in terms of security
barsquid@lemmy.world
on 31 Jul 2024 15:04
Could be! But that doesn’t excuse a massive security failure like sending password reset emails to attacker-supplied addresses. I am pretty sure they have had other large failures.
They are writing code with zero/negative regard for security and that makes me want to use any alternative FOSS git host.
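The failure named in the comment above (password-reset mail going to an address chosen by the requester), shown as a flawed handler beside a hardened one. This is an added illustration, not GitLab's code and not part of the thread; the list-valued `email` parameter, the `User` and `Outbox` types and every function name are assumptions made for the example, since the comment gives no details.

```ruby
require 'securerandom'

# Hypothetical account record and constructed sample data.
User = Struct.new(:id, :email)
USERS = [
  User.new(1, 'alice@example.com'),
  User.new(2, 'bob@example.com')
].freeze

# Stand-in for a mailer: records what would have been sent.
class Outbox
  attr_reader :sent

  def initialize
    @sent = []
  end

  def deliver(to:, token:)
    @sent << { to: to, token: token }
  end
end

def find_user(email)
  USERS.find { |u| u.email.casecmp?(email.to_s) }
end

# Flawed: the request parameter may arrive as a String or as an Array
# (form parsers commonly turn repeated keys into a list). The account is
# matched on any supplied address, but the token is then mailed to every
# supplied address, including ones that are not on the account.
def reset_flawed(param, outbox)
  addresses = Array(param).map(&:to_s)
  user = addresses.filter_map { |a| find_user(a) }.first
  return :ignored unless user

  token = SecureRandom.urlsafe_base64(32)
  addresses.each { |a| outbox.deliver(to: a, token: token) }
  :sent
end

# Hardened: accept exactly one String and mail only the address stored on
# the account, never the value taken from the request.
def reset_hardened(param, outbox)
  return :rejected unless param.is_a?(String) && !param.strip.empty?

  user = find_user(param.strip)
  # Internal status only; the HTTP response should be identical whether or
  # not an account exists, so the endpoint does not reveal valid addresses.
  return :ignored unless user

  outbox.deliver(to: user.email, token: SecureRandom.urlsafe_base64(32))
  :sent
end

# Audit check: recipients of reset mail that match no account on file.
# Run over real mail logs, a non-empty result is the signal to investigate.
def stray_recipients(outbox)
  outbox.sent.map { |m| m[:to] }.reject { |to| find_user(to) }
end
```

The same audit idea applies to any mail or application log that records reset recipients: each recipient should equal the address stored for the account the token was issued to.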
UndercoverUlrikHD@programming.dev
on 30 Jul 2024 20:06
ಠ╭╮ಠ
ulkesh@beehaw.org
on 30 Jul 2024 23:32
Don’t worry everyone! It’ll get bought by some investment firm or by a large company (Microsoft [to shutter it], Google, etc) and everything will be just fine.
Right?
sigh
shekau@lemmy.today
on 31 Jul 2024 11:57
GGs
wersooth@lemmy.ml
on 31 Jul 2024 14:28
Another one bites the dust :'(
ZarkleFarkle@sh.itjust.works
on 31 Jul 2024 17:37
I would like to say I’m not too concerned by this personally, as long as all their data remains public to all.
Because it’s an advantage that it’s hosted by a large company like Microsoft. There’s very little chance it’s going to be shut down or sold off. So developers don’t need to worry about their infrastructure as much
One of our projects failed because we got caught up in infrastructure.
It’s funny though how the people who are the most vocal against GitHub aren’t responding to this post. But they’re happy to make the biggest deal about every little button on it…
slacktoid@lemmy.ml
on 31 Jul 2024 21:37
Just cause something is owned by a big company doesn’t mean it’ll last forever, example Google and their dead list of products.
Host gitea or forgejo if you really care about your infrastructure and data. If you can’t, make some compromises and pick the next best thing. But owned by big company doesn’t mean lasts forever.
Github is probably the biggest code hosting platform. There is literally no evidence that Microsoft will discontinue it… And they’ve spent a huge amount of time integrating it. It also generates 1 billion in revenue, so why would Microsoft sell it? Furthermore, its free for open source…
Self hosting is part of the reason our project failed… We wasted a lot of time with that stuff. We used Mercurial, whatever the Canonical one was, and git, and we wasted a lot of time.
Github works, and is well integrated to everything
Just pointing out that just cause its owned by a big company doesn’t mean it’ll last forever.
Also the FOSS community is by and large sus of Microsoft cause of their history practice of embrace, extend, extinguish. Which one would argue they embraced FOSS to gain easy access to their projects, the issues, the code, etc to train their models. Which would be OK if all code it generates has to be GPL to agree with the licenses of the collective pool of training data. Either way that’s the topic of debate.
It sounds like you looked into your constraints and github works for you. That’s great! And that’s what’s important.
I can’t think of a single reason that wouldn’t happen.
A company might want to extend its service offering with a build pipeline/CICD system, and buying GitLab would get them the best-in-class service.
Microsoft bought GitHub for much of the same reasons, and GitHub didn’t go to hell after the acquisition.
docs.github.com/…/github-general-privacy-statemen…
? Nothing about such private repo access listed there.
If a license forbids LLM training, it is by definition not open source.
Incorrect. Open source means using a license that conforms to the open source definition. You can find that here: opensource.org/osd
If you use agplv3 for training your LLC, shouldn’t the code you spit out also be agplv3?
Codeberg didn’t exist back then yet.
From their FAQ
come to sr.ht
Time to federate repos?
forgejo.org
Absolutely.
I’ll self host my own forgejo instance soon.
It’s also what codeberg uses under the hood for those that don’t self host.
I hope they get true federation up running soon.
For code hosting, doesn’t that just mean you’re self-hosting + others can utilize you space for a backup?
I think the benefits of federation is discoverability. I can spin up my gitea or forgejo (or something else!) Instance, but when people look for code in their instances, they can still discover my public repositories, and if they want to contribute, they can fork and open PRs from their instances.
So yeah, it means mostly you can selfhost and provide space to others, but with the same benefits that right now github offers (I.e., everything is there).
Maybe you would be able to disable other users from creating repos.
No, it means people can contribute issues and pull requests to projects on other servers. Repositories would only be created on the server your account is on if I’m not mistaken. I believe it uses activitypub internally, so should work the same as Lemmy/mastodon.
Yes, it uses ActivityPub with the ForgeFed extension.
GitLab has been working on support for ActivityPub/ForgeFed federation as well, currently only implemented for releases though.
I feel like sourcehut really ought to be mentioned more. It federates issue and PRs by email and has a wonderful interface while not having any ads—which is why hosting one's own repo (and their CI and IRC but nothing else) requires $2 a month, unfortunately.
I don’t think it makes any sense to mention source hut because none of the features you mentioned are killer features (or relevant. Why should I care about implementation details of feature tracking?) and it completely fails to address GitLab’s main value proposition: its CICD system.
Anyone can put up any ticketing system. They are a dime a dozen. Some version control systems even ship with their own. CICD is a whole different ballgame. It’s very hard to put together a CICD system that’s easy to manage and has a great developer experience. Not even GitHub managed to pull that off. GitLab is perhaps the only one who pulled this off. A YAML file with a dozen or so lines is all it takes to get a pipeline that builds, tests, and delivers packages, and it’s easy to read and understand what happens. On top of that, it’s trivial to add your own task runners hosted anywhere in the world, in any way you’d like. GitLab basically solved this problem. That’s why people use it.
I use gitlab ci mainly and dabble in github actions. Can you clarify how “Not even Github managed to pull that off”? IIRC, actions is quite featureful and it’s open-source, so I assume that can be run with self-hosted runners as well.
Yep, at my previous job I moved a pretty complex build system from Jenkins to github actions. It worked fine and was much simpler to maintain.
And yes there are ways to run github actions on your own machine, but I haven’t tried it.
GitHub actions has an atrocious user experience, to the point that even a year or so ago people were doubting it was production-ready.
Sure, you can put together a pipeline. But I challenge anyone to try it out with GitHub actions and then just try to do the same with GitLab or even CircleCI or Travis.
The fact that people compare GitHub Actions to Jenkins of all things is everything anyone needs to know about its user experience.
Using email for anything is a non-feature for me. I want nothing to do with that outdated, confusing piece of tech that has been shoved in all sorts of places it doesn’t belong
Email is confusing? Since when?
Since forever. It’s very slow, I’m still not sure replying is actually in the spec or email clients fake it with Re: and then force you to quote the entire history of the conversation back and forth. Also very easy to break if you don’t like the Re: or something. People are constantly replying to the wrong person or persons, sometimes even to themselves. You have weirdly named fields “cc” and “bcc” that are present all the time even though I use them like 4x and 1x a year, respectively. You can’t unsend or delete emails.
And all this is before I get into doing git or calendars over email.
Email is in fact one of the reasons I’m not sure I want the fediverse to succeed right now, because then all the faults of activitypub will be forced on us for centuries, like they are with email.
What kind of non-sentence is that?
It’s an existing sentence if it’s not non-existent.
Big if true and big.
It’s what they most not the least
Seems like a perfectly cromulent English sentence to me.
Looked up “cromulent” in the dictionary. Wasn’t disappointed!!
The fact it’s now in the dictionary proper is bizarre… but I mean… so is “okay.” And that’s almost the same ascended joke.
The kind of sentence you write when you’re still 20 words from the target your editor set for the article
It means when the author was waiting for his order at Popeyes, the guy in front who did small talk with him introduced himself as a Gitlab employee and told the author “Gitlab might sell in weeks. It is a deal or no deal”
It feels like it’s saying “if rumors are true, the deal is weeks away.” A reminder that it might not be the case.
The chances of the coin flip yielding heads are roughly 50%, if coins don’t not exist.
Fuck. No other source forge supports groups or orgs with hierarchical projects 🫤 Gitea and Forgejo went hard on being github clones, so they’re off the list. Are there any other alternatives? I don’t want to have to bash together scripts to make something…
Anti Commercial-AI license
It’s not a dealbreaker for me but I feel your pain. Getting everything organized in Gitlab is a pleasure.
I looked into it after this year’s massive price hike… There’s no meaningful alternative. We’re on the FOSS version of GitLab now (GitLab-CE), but the lack of code ownership / multiple reviewers / etc. is a real pain and poses problems with accountability.
Honestly there are not that many features in Gitlab EE that are truly necessary for a corporate environment, so a GitLab-CE fork may be able to set itself apart by providing those. To me there are two hurdles:
Honestly I think I’d be happy if forgejo supported gitlab-runner, that seems like a much more reasonable ask given the clean interface between runner and server. Maybe I should experiment with that…
FYI you can self-host GitLab, for example in a Docker container.
It’s the worst example, but it’s an example, sure.
Much like that comment. Can you give a better example, or express why it’s a bad example? That would bring some quality in.
forgejo.org here’s a little better example, though you did a great job doing some proposal, gotta love those who do at least some initiative
Forgejo is a gitea fork, it’s got nothing to do with gitlab
.
Are they “forks” or are they “built on top of”?
Forgejo used to be built on top of Gitea (soft fork) but since this year have been starting to go their own way, which may break things (hard fork).
Gitlab is very complex and a heavy resource hog. You probably don’t need it. Most small to medium enterprises can comfortably host their projects on lightweight forgejo or gitea (speaking from experience). They even have functionality similar to github actions. If you need anything more complex, you are better off integrating another self hosted external service to the mix.
In my experience the other alternatives tend to lack solid CI integration. I have yet to find an open source alternative as good as Gitlab’s.
You can also just make bare got repositories on any server you can ssh into.
got it
Coincidentally, this is what git is short for.
Source: “git” can mean anything, depending on your mood.
github.com/…/e83c5163316f89bfbde7d9ab23ca2e25604a…
Or you could make your life a lot easier and use Forgejo
Fuck
You should all incorporate and buy it.
I literally made an account the day before and transferred from GitHub, then wake up and see this. FFS just my luck.
Wait, this is YOUR fault?!! 😋
Codeberg!
Does Codeberg have anything like Gitlab CI, or does it need to be paired with other build tools like Jenkins, TeamCity, etc?
Yes, but you need to manually request it and there are a handful of things that need to be true. See here for them all: codeberg.org/Codeberg-e.V./requests#woodpecker-ci
In summary, it needs to be a public repo with FOSS code and the README must match the project’s intended goal.
GitLab still doesn’t even support leaving comments on a commit message. Like, what? GitLab and GitHub have all these fancy shiny features but still suck at offering basic code review functionality.
I never understood the appeal.
I mean, I get it, but that’s also not a thing of git, right? Just because GitHub does something doesn’t mean every other hosting provider needs to. If your code review process is to comment upon specific commits, maybe it’s the code review process that’s wrong?
GitHub doesn’t let you comment on the commit message either. The only one I’ve seen do this properly is Gerrit. And of course regular old mailing list reviews.
There are so many blogs and posts about writing good commit messages, using Conventional Commits, etc, and the two most popular forges don’t even let you comment in-line on the commit message during a review.
Git kinda has it? Have you seen git notes? git-scm.com/docs/git-notes
You can leave comments on a commit message. What do you mean exactly?
You can not highlight text in a commit message and leave an in-line comment in the same way you can for code changes in the diff.
Edit: gitlab.com/gitlab-org/gitlab/-/issues/19691
Ohhhhh you can’t comment on a specific line of a commit message. I see. I mean… yeah I guess not. That seems like a super niche feature though. How long are your commit messages? I’ve never even tried to do that. Commit messages are short enough you can pretty much just write a normal message not tied to a specific line.
There are waaaaay bigger issues with Gitlab. Here’s one I ran into recently, you can’t search for pipelines. It’s got a search box and everything but you literally can’t search; only filter. So stupid.
I actually just went to take a look at Gitlab issues I have commented on to see what my worst ones are. Guess what… you can’t even search for issues you have commented on!!!
Still, overall it’s the best self-hostable option out there at the moment IMO. I guess Forgejo (truly abysmal name) may overtake it at some point.
I’ve been meaning to move to codeberg, self hosted forgejo, or sourcehut so this will only accelerate that if things get worse.
I preemptively moved to codeberg, very nice and pro IMO.
The only “downside” about Codeberg is that (for the most part) you’re only allowed to host projects that are FOSS or projects you intend to make FOSS. (Stuff like personal notes and config files are fine too.)
I just flipped my home git to forgejo from gitlab, gitlab just had a bunch of features I wasn’t using, forgejo was easy to setup and it has a nice interface. I’m just using it for source control right now, still probably huge overkill but eh
How did you set it up? I’ve been wanting to setup forgejo in a docker container but wasn’t sure how easy the process is.
I was originally going to go the docker route but honestly just ended up going the binary route and leaving it using sqlite as it’s good enough for now. It’s pretty well documented and a chunk of the prereqs I already had, like the git user creation.
Did have SSH auth issues though, probably because I didn’t fully clean up after uninstalling gitlab (oops), had them in parallel for a bit to migrate the repos, gitlab had it trying to use gitlab-shell which didn’t exist anymore. Probably a better/proper solution but what worked was changing the git user’s home directory back to /home/git as gitlab had it using a gitlab config directory. I welcome anyone giving me a better/cleaner solution for this, on my to do list to do some more cleanup.
Love me some codeberg.
GitLab is a security nightmare, good luck to whoever purchases that.
Elon has entered the chat…how many labs of this git kind can you make for him within 3 months? Can git be somehow monetized?
Could you elaborate? I use Gitlab but I’m not a security expert.
Here is the one where I decided to never trust their code: arstechnica.com/…/0-click-gitlab-hijacking-flaw-u…
As if that isn’t bad enough, I am pretty sure they have had other incidents.
I used to host a Gitlab instance at work. It was dog slow so I started digging into it and discovered they had a serious memory leak in some of their “unicorns,” aka Ruby tasks. Instead of fixing the source of the leak they tacked on a “unicorn killer” that periodically killed tasks. The tasks were supposed to be atomic anyway, so this is technically fine (and maybe a good thing in the long run for correctness a la Netflix’s Chaos Monkey) but I found myself kind of disgusted by the solution. I dropped it and went for a much sparser Git repo web server.
lmao! Man that’s hilarious!
“We have a memory leak that could lead to a security issue. We should do something about it.”
“I made a process that periodically kills those tasks. No one will notice the problem now.”
The unicorn killer will have a memory leak as well. 💀
I had to look it up to check my memory. Yup! …gitlab.com/…/how-gitlab-uses-unicorn-and-unicorn…
I don’t think memory leaks could ever amount to a security vulnerability, but it just feels yucky. I guess I shouldn’t cast stones, I write C++ at work.
In theory it could, after all there are technically denial-of-service vulnerabilities (not DoS/DDoS attacks, that is something different) according to CVE Numbering Authorities.
Maybe I’m misunderstanding you, but DoS is exactly the same thing as “denial of service”.
My point is that memory leaks can only degrade availability; they are categorically distinct from security vulnerabilities.
I think you might be misunderstanding me.
According to the CVE Numbering Authorities, there can be vulnerabilities that result in service being denied, and they refer to them as a denial-of-service vulnerability. For example, there can be a bug in a program that causes it to crash if you perform a certain set of steps/actions, thus resulting in the service being denied. Whereas traditionally, a DoS/DDoS attack is simply flooding a target with more bandwidth than they have available downstream bandwidth. Sending massive amounts of data to overwhelm a service is not the same thing as finding a unique set of actions to cause the program to crash.
So in theory, yes, a memory leak could amount to and result in a security vulnerability, like if the memory leak is reproducible and so severe it causes a service to crash.
Aha, I didn’t realize compromising availability was sufficient for the CVE definition of security vulnerability. Projects I’ve worked on have typically excluded availability, though that may not be the norm.
And I see your point about some exploits being highly asymmetric in the attacker’s favor, compared to classic [D]DoS.
That’s disappointing. They are pretty consistently choosing the wrong thing. I don’t think they know what they’re doing.
Unicorn killer does sound great for testing. If they wrote tests around anything I’d be surprised, though. LOL.
If you don’t need all the user management and whatever else it definitely doesn’t make sense to run their junk.
They do have a ton of tests actually. In their defence, if this task is doing Git things then just killing it when it goes badly is probably the best you can do. Git itself is quite buggy if you stray from the most basic setup. I’ve had it almost completely destroy my .git directory in the past when using submodules.
On the other hand, Gitlab itself is an enormous entirely untyped Ruby monster, with extremely difficult to follow code. Not in terms of individual functions - except for the lack of types, which means you can’t really know what they do, they are quite clear and well written. The issue is the control flow between parts of the system. It’s difficult to know what calls what, so I’m not surprised they occasionally have to give up.
I had a play with Deno’s Fresh web framework recently (Typescript/TSX but mainly server rendered). IMO it’s light years ahead of other solutions.
You get full amazing Typescript typing, including in templates (unlike Go for example), but unlike React you don’t have to deal with JavaScript tooling or complex client side state management. It’s a real breath of fresh air. (Ha that wasn’t even intentional.)
I thought github is worse than gitlab in terms of security
Could be! But that doesn’t excuse a massive security failure like sending password reset emails to attacker-supplied addresses. I am pretty sure they have had other large failures.
They are writing code with zero/negative regard for security and that makes me want to use any alternative FOSS git host.
Gitea
ಠ╭╮ಠ
Don’t worry everyone! It’ll get bought by some investment firm or by a large company (Microsoft [to shutter it], Google, etc) and everything will be just fine.
Right?
sigh
GGs
Another one bites the dust :'(
I would like to say I’m not too concerned by this personally, as long as all their data remains public to all.
So… just to repeat myself for the 300th time
This is a good example of why people use GitHub
Because it’s an advantage that it’s hosted by a large company like Microsoft. There’s very little chance it’s going to be shut down or sold off. So developers don’t need to worry about their infrastructure as much
One of our projects failed because we got caught up in infrastructure.
It’s funny though how the people who are the most vocal against GitHub aren’t responding to this post. But they’re happy to make the biggest deal about every little button on it…
Just cause something is owned by a big company doesn’t mean it’ll last forever, example Google and their dead list of products.
Host gitea or forgejo if you really care about your infrastructure and data. If you can’t, make some compromises and pick the next best thing. But owned by big company doesn’t mean lasts forever.
Github is probably the biggest code hosting platform. There is literally no evidence that Microsoft will discontinue it… And they’ve spent a huge amount of time integrating it. It also generates 1 billion in revenue, so why would Microsoft sell it? Furthermore, it’s free for open source…
Self hosting is part of the reason our project failed… We wasted a lot of time with that stuff. We used Mercurial, whatever the Canonical one was, and git, and we wasted a lot of time.
Github works, and is well integrated to everything
Just pointing out that just cause it’s owned by a big company doesn’t mean it’ll last forever.
Also the FOSS community is by and large sus of Microsoft cause of their history practice of embrace, extend, extinguish. Which one would argue they embraced FOSS to gain easy access to their projects, the issues, the code, etc to train their models. Which would be OK if all code it generates has to be GPL to agree with the licenses of the collective pool of training data. Either way that’s the topic of debate.
It sounds like you looked into your constraints and github works for you. That’s great! And that’s what’s important.
And Microsoft wouldn’t fuck up with GitHub? Or sell it to god knows who? You sure about that?
Gitlab is at least open source, I can host it myself