If your IP (and possible your browser) looks "suspicious" or has been used by other users before, you need to add additional information for registration on gitlab.com, which includes your mobile phone number and possibly credit card information. Since it is not possible to contribute or even report issues on open source projects without doing so, I do not think any open source project should use this service until they change that.
Screenshot: https://i.ibb.co/XsfcfHf/gitlab.png
I remember when gitlab.com was the most accessible alternative to GitHub out there, but it seems they're only interested in internal enterprise usage now. Their main page was already completely unreadable to someone not versed in enterprise tech marketing lingo, and now this.
Thankfully Gitea and Forgejo have gotten better in the meantime, with Codeberg as a flagship instance of the latter.
GitLab used to be awesome when it was the place to go after MS bought out GitHub. They had premium access for all public projects under a FOSS license and top-tier CI. Then as time went on, they began pulling support for various functions in a very Microsoftian EEE sort of way. First requiring credit cards fir new users to access the CI, then taking away the CI almost entirely except for a practically useless monthly allotment, then taking away the premium access for public FOSS licensed projects. If I were migrating today I would not have chosen GitLab, but it is where I settled after leaving GitHub and my projects have grown to depend on GitLab CI even if I'm now forced to run my own runners due to the extreme nerfs they've done to the hosted CI. I mirrored OpenRGB to Codeberg, but since the CI pipelines depend on GitLab I don't see Codeberg becoming the main hub anytime soon unless they can execute GL CI configs. Sad to see how far GitLab has fallen though, it is unrecognizable from what it used to be as far as support for FOSS prohects goes, especially given how GitLab itself started as a FOSS project.
Fuck GitLab. I used to use it until recently moved all my projects to codeberg. Way better. GitLab is becoming more and more like GitHub.
Like others, I had an account before this was implemented. I have a couple projects on there, also mirrored to self hosted gitea. Have had people refuse/unable to contribute to the gitlab project due to the kyc requirement, so I'm thinking I will migrate to codeberg soon.
I would LOVE to switch to codeberg for work, but my work requires that all data be hosted in the US, so I recently pitched GitLab as an alternative to GitHub, even though it's not perfect.
Wait. Wtf does it need to be US specifically? So the goverment has full access to the data or what?
Export controls or legal compliance, most likely. Export controls because the code may be a protected technology, or compliance because the company doesn't have gdpr or some other legal framework.
In which case, get your code off the net and use Forgejo to get your own instance, same as codeberg. If hosting location is a real issue, bring it home.
That's eventually the plan, but I expect that process to take on the order of a year, unfortunately.
To add a few more details: After trying several times with different IPs and different browsers, I was able to register by providing only a mobile phone number once. Since that still requires personal information, this is still a very questionable process. (not to mention it took me a day to not be asked for a cred card)
Policies like that are almost entirely about minimizing fraud and harassment. It really sucks for people who don't have mobile phones that support authentication texts or whatever (since, even as you pointed out, the requirement is mostly a phone number) but it also drastically cuts down on fake/harassment accounts.
It's about data harvesting and selling not safety or any other mentioned.
Even Github does not require any personal information, so there are certainly other ways.
And Github is Microsoft who need those capabilities for basically every other website they sell.
Whereas gitlab is REALLY good software with... a website nobody ever really asked for but that still needs to exist to sell people that software.
This comes up with a lot of services. I think everyone lost their god damned minds when overwatch added phone verification?
Like, I don't like it. But I have friends who ahve had to deal with harassment campaigns against their products (or persons) and the like and get why you would do what, on the surface, is a pretty trivial ask as a way to remove sock puppets.
what, on the surface, is a pretty trivial ask
I don't think having my real life phone number tied to a website or game account is a trivial ask. I'd like my data to be private, especially something as real-life and tangible as a fucking phone number. Sure, there are ways around these things, you can get a fake phone number for cheap (or possibly even free), but that's rather more effort than I'm willing to put in for most things. If I need to enter a phone number to sign up for an account for something, chances are very extremely good I'll just decide I don't need the account that badly. I don't think I'm alone in this.
Which means you likely weren't invested in engaging in a meaningful manner. That is especially important for filing a bug report on an open source project.
And I guess I just don't view a phone number as having much value from a privacy standpoint. Basically every number is compromised to the point that it is dependent on your phone/service provider to block spam. One more site having my phone number doesn't really bother me if it is a site I want to "engage" with.
Also: Never underestimate how much data is already out there just based on what pages you load. Privacy is long since dead and people do not understand how easy it is to cross reference to realize that "Jimmy in The Netherlands" is actually "Jim Stark at 101 Fake Street in Baltimore Maryland whose sister is Susie Clark with facebook username sclark_420"
I stopped since they put a broken cloudflare config in front of it that puts me in an infinite loop so I can't ever log in