this post was submitted on 16 May 2024
160 points (86.0% liked)

Open Source

31832 readers
232 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

As you can easily notice, today many open source projects are using some services, that are… sus.

For example, Github is the most popular place to store your project code and we all know, who owns it. And not to forget that sketchy AI training on every line of your code. Don't we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.

Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, that you can easily self-host or use public instances.

So, my question is: if you are building a FLOSS / privacy related project, why using proprietary and privacy invasive tools?

top 50 comments
sorted by: hot top controversial new old
[–] cmnybo@discuss.tchncs.de 131 points 7 months ago (5 children)

A lot of people use Github because it's easy to use and popular. Not everyone wants to self host, although it would be nice if the larger projects did. What I really hate is when open source projects use something like disord for support.

[–] hperrin@lemmy.world 19 points 7 months ago (16 children)

I run a fairly popular open source project called Svelte Material UI, and I can tell you why I use Discord for support. My users want me to use it. GitHub too.

People want to use what they already have, and most people, even developers, don’t care that much about privacy. I would gladly self host a support forum, but tons of people would rather use a different library than sign up for my personal support forum. And the people who really care about privacy wouldn’t trust my self hosted solution either, so there isn’t really a better option than Discord, as much as that sucks.

[–] cmnybo@discuss.tchncs.de 69 points 7 months ago (12 children)

When support is hidden away in discord, web searches can't find it. Nobody can even look through it without having an account.

load more comments (12 replies)
load more comments (15 replies)
[–] devraza@lemmy.ml 14 points 7 months ago (2 children)

I hope this changes (even if a little bit) once Forgejo (FLOSS Gitea fork) adds forge federation.

[–] taladar@sh.itjust.works 9 points 7 months ago (1 children)

Federation doesn't really solve the issue that self-hosting takes effort away from working on the actual project.

[–] Max_P@lemmy.max-p.me 20 points 7 months ago (4 children)

No but it does solve people not wanting to bother making an account for your effectively single-user self-hosted instance just to open a PR. I could be up and running in like 10 minutes to install Forgejo or Gitea, but who wants to make an account on my server. But GitHub, practically everyone has an account.

[–] dessalines@lemmy.ml 7 points 7 months ago

This is the main reason why we haven't moved lemmy's repo there (yet). Most of the devs are on board with leaving github tho at some point.

load more comments (3 replies)
load more comments (1 replies)
[–] pineapplelover@lemm.ee 7 points 7 months ago

I disagree with the fact because they want to self host. Codeberg exists and is pretty easy to use. Been thinking of migrating there.

[–] Tick_Dracy@lemm.ee 5 points 7 months ago (2 children)

Whenever I see a project which the support relies on Discord, I ignore it, or I treat it as if it doesn't have support at all.

I refuse to participate in a community which makes Meta looking like a privacy focused company.

load more comments (2 replies)
load more comments (1 replies)
[–] Max_P@lemmy.max-p.me 64 points 7 months ago (3 children)

There's been a general trend towards self-hosted GitLab instances in some projects:

Small projects tend to not want to spin up infrastructure, but on GitHub you know your code will still be there 10 years later after you disappear. The same cannot be said of my Cogs instance and whatever was on it.

And overall, GitHub has been pretty good to users. No ads, free, pretty speedy, and a huge community of users that already have an account where they can just PR your repo. Nobody wants to make an account on some random dude's instance just to open a PR.

[–] verdigris@lemmy.ml 18 points 7 months ago (2 children)

GitHub (since the Microsoft acquisition) is good to users because that's their MO, it's called Embrace, Extend, Extinguish, and the whole point is to centralize users and projects and make them dependent on the Microsoft ecosystem.

Of course now there's also the whole issue of Copilot, which means any code you put on GitHub could very well show up piecemeal in someone's AI-generated code. If it wasn't for that novel avenue of monetization, you can bet your ass GitHub would have already made the free user experience a lot shittier.

[–] SayJess@lemmy.blahaj.zone 8 points 7 months ago

Wouldn’t code hosted anywhere on the open internet be potentially susceptible to AI scraping?

load more comments (1 replies)
load more comments (2 replies)
[–] dsemy@lemm.ee 61 points 7 months ago (3 children)

Network effect.

Using GitHub as an example, choosing any alternative (as a small project) will reduce the amount of contributions and will make the project less discoverable. Especially if you consider projects where the technical barrier for contribution is lower, it is much more likely for a potential contributor to have an account on a "mainstream" platform.

I used to think that this was less of an issue in more niche communities, but a recent post by an Emacs package developer (Protesilaos Stavrou, won an FSF award a few years ago) changed my mind: https://protesilaos.com/codelog/2024-04-30-re-emacs-github-freedom-microsoft/

load more comments (3 replies)
[–] bloodfart@lemmy.ml 41 points 7 months ago (1 children)

Because most oss maintainers are more afraid of their work disappearing due to service shutdowns than they are being profiled by data miners.

Everyone has seen some example of a tool or resource hosted on a persons private server end up taken down because they couldn’t afford it, the isp or university stopped offering hosting or because they simply couldn’t keep doing it due to death or old age.

That’s what people who create software are afraid of. The loss of that creation, not the loss of the privacy of people who contribute to it or download it.

[–] toastal@lemmy.ml 9 points 7 months ago

Remember when we used to have mirrors as standard practice? If it is just text, it doesn’t use much space to serve someone else’s code too (no, your README does not need images, video, etc.). Besides, every node in a DVCS is a technically a mirror, it’s just decentralized collaboration is a lost art to many.

[–] OsrsNeedsF2P@lemmy.ml 27 points 7 months ago* (last edited 7 months ago) (1 children)

Because most of us want projects with users, and there's a lot more users on GitHub and Discord than Gitea and Matrix

[–] chebra@mstdn.io 30 points 7 months ago (3 children)

@OsrsNeedsF2P But that's the problem we need to fix, not the reason to give up. There will be more people on Gitea and Matrix if you try. There is also more people on Reddit and Twitter, yet here we are.

[–] tyler@programming.dev 36 points 7 months ago (6 children)

If you try. Have you ever maintained any sort of large FOSS project? Have you ever run infra for FOSS? Even if you control your own DNS, you somehow became your own Domain Name Registrar, you bought the fiber all the way to your internet backbone provider, you are still compromising somewhere. For those of us that actually maintain and run foss projects it’s a massive pain in the ass. There’s nothing to “give up”. It’s all about using your personal resources wisely. I can’t spend time trying to get gitea up and running when I can quite easily use GitHub and lose absolutely zero functionality. And it’s not like any project I put on GitHub is somehow worse off than on gitea, they’ll function exactly the same since I only use MIT licensing.

[–] foosel@discuss.tchncs.de 14 points 7 months ago (9 children)

I wish I could upvote you more than once.

It all really comes down to making choices that make the most use of the extremely limited resources (time, money, spoons) you have as a maintainer.

load more comments (9 replies)
load more comments (5 replies)
[–] magic_lobster_party@kbin.run 6 points 7 months ago (1 children)

Reddit and Twitter aren’t comparable here. I’m not bound to the fediverse just because I post here. I can still use Reddit if I want. I don’t care much if my posts aren’t seen by anybody here either.

Code hosting is a different story. It’s not ideal to host on both Github and Gitea at the same time. It’s a mess to keep track of multiple issue trackers at the same time. If you chose one you’re kind of bound to it, so you better choose the alternative that increases the chances of future success of the project.

[–] devraza@lemmy.ml 4 points 7 months ago (2 children)

You could host on Gitea and mirror to GitHub. Obviously, users may be less inclined to sign up to your Gitea instance, but I hope people being unwilling to register becomes less of an issue once Forgejo (Gitea fork) implements forge federation.

load more comments (2 replies)
load more comments (1 replies)
[–] otter@lemmy.ca 24 points 7 months ago (1 children)

Usually because resources are limited, both financial and time, so people make do with what they can.

As projects grow, and as the FOSS alternatives improve, projects can switch over.

[–] xnx@slrpnk.net 22 points 7 months ago

Codeberg is relatively new, gitlab sucks, I’ve never heard of notabug. That’s why. People want their open source projects to be found and contributed to so using what the most popular makes sense. Although i do love codeberg and I’m glad it’s being worked on so well.

[–] h3ndrik@feddit.de 22 points 7 months ago* (last edited 7 months ago) (1 children)

I see Github as a mere tool. As I could use a proprietary operating system like Windows on my development computer, I can use Github to distribute the code. It doesn't have that severe consequence to the open source project itself and works well. And it's relatively transparent. Users can view issues etc without submitting to Microsoft. And it's been the standard for quite some time.

I'm far more concerned with FLOSS projects using platforms like Discord, which forces their users to surrender their privacy and that actively contribute to the enshittification of the internet. I wouldn't want to be part of that.

[–] PropaGandalf@lemmy.world 7 points 7 months ago (3 children)

yuzu? suyu? does that ring a bell?

load more comments (3 replies)
[–] estebanlm@lemmy.ml 21 points 7 months ago* (last edited 7 months ago) (2 children)

Well, keeping an infrastructure like github is very expensive. Other solutions like gitlab are no real solution as gitlab itself is also not completely FOSS. Codeberg is a relatively new kid in the block, and sustainability in the long term is still not proven. Gitea/Forjego requires you to selfhost your repositories and that's something not everybody can afford/take the time to do.
So, we have a situation of a standard de facto, when one company took the space and constitued a monopoly, forcing the users to use it or be invisible otherwise.
So, there you have the reason: visibility in a market dominated by just one actor.
How to fight this situation? There is no much way as individuals, a partial solution is to use a FOSS solution and then mirror on github for visibility. Of course this is limited as individual solutions wont change collective problems, but FOSS groups doing the same are no longer individuals but communities so with time we may have a way to get out...

EDIT: s/go/get

[–] iopq@lemmy.world 10 points 7 months ago (2 children)

Codeberg seems cool, even though I saw it go down a little while ago. I still believe the internet wants to be free. There's no guarantee GitHub won't eventually start charging for more things.

[–] dessalines@lemmy.ml 6 points 7 months ago (1 children)

I like codeberg, but they also removed a torrent project I was working on because it didn't comply with german law. Kind of unavoidable when you use any centralized service, especially in a country that's severely anti-piracy.

[–] iopq@lemmy.world 5 points 7 months ago

That's worrying, I guess federation is the way to go

load more comments (1 replies)
load more comments (1 replies)
[–] Zerush@lemmy.ml 15 points 7 months ago* (last edited 7 months ago)

Not only that FOSS use GitHub and other proprietary hosts, they even in much cases contain APIs of Google, M$, Amazon, Fakebook & cia, APIs also offered as FOSS by Big Brothers. Since these companies have entered the world of OpenSource, what was previously considered free software is becoming more and more perverted.

It's ridiculous when I want to use an OpenSource service where an account is necessary, most of the time a window appears with the kind offer to log in with a Google or Facebook account or that this service send data to googleanalytics, googletagmanager and Alphabet, like ocurres with an account in Mozilla.

Time to update and redefine what free software should be.

[–] pathief@lemmy.world 7 points 7 months ago* (last edited 7 months ago)

Having free and open source software is not enough for some people. The dev needs to publish it in a Foss platform, use a Foss operative system, a Foss ide, mild political views. Free, quality and high maintained software is not good enough these days. /s

[–] mormund@feddit.de 6 points 7 months ago (3 children)

Maybe an unpopular opinion but why would you care about how privacy invasive GitHub is? Your code is open-source anyways so MSFT can steal it wherever you host it. And if they haven't changed it you're able to sign up with just an email and a pseudonym. It's not a social network where you have to post private information for it to be useful you can and most people do use it pretty anonymously.

So I never understand the outrage about GitHub and MSFT. Git is distributed anyway, the only thing that can be lost are issues and pull request histories. If they fuck up, everyone can just move. Now GitHub Actions, that is a clever thing for binding users...

[–] chebra@mstdn.io 13 points 7 months ago (1 children)

@mormund It's not about the privacy of the code, but the privacy of the users clicking on github and then reading some news. They aggregate behavioral data about you.

> the only thing that can be lost are issues and pull request histories

"Only"?? That's a HUGE problem. That's exactly one of the walls keeping people inside github. Git protocol could distribute that, but it doesn't suit the commercial platform's interests -> go to open platforms instead.

[–] taladar@sh.itjust.works 5 points 7 months ago (9 children)

Can you name an open platform that actually does distribute PRs and issues? I know there were a few that tried but I mean one that actually succeeded and is usable by people who just want to report a bug?

Also, your issues and pull requests are much more likely to be lost in your self-hosted one project instance than on GitHub if anything happens to you.

load more comments (9 replies)
[–] taladar@sh.itjust.works 4 points 7 months ago

I can understand the argument against GitHub in two contexts, one is when people build features into their software that assume GitHub, e.g. when a programming language assumes it can just prepend github.com/ to your repo to find it and the other is the argument that losing GitHub would be a huge blow because so many projects are there and only there so a lot of things would have to be done at once if that ever happened.

[–] PropaGandalf@lemmy.world 4 points 7 months ago (6 children)

they can take your whole project down if they want so. or if they are forced to do so.

load more comments (6 replies)
[–] Veraxus@lemmy.world 4 points 7 months ago (4 children)

Gitlab just stomps Github into the dirt these days. For my own projects, I’m now Gitlab all the way.

My one complaint, though, is that Gitlab’s Git LFS is way more pricey than Github, which sucks.

load more comments (4 replies)
[–] unknowing8343@discuss.tchncs.de 4 points 7 months ago

I am also thinking of starting an open source project, and honestly, will do it on Github, because so far, GitHub does not require microphone or location access, yadayada... And the AI thing would happen anyway. Do you think Google has not used GitHub repos for training Gemini?

I am very interested in syncing the repo with a federated git server, but from what I am reading Codeberg/Forgejo still don't have federation working?

load more comments
view more: next ›