As you can easily notice, today many open source projects are using some services, that are… sus.
For example, Github is the most popular place to store your project code and we all know, who owns it. And not to forget that sketchy AI training on every line of your code. Don't we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.
Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, that you can easily self-host or use public instances.
So, my question is: if you are building a FLOSS / privacy related project, why using proprietary and privacy invasive tools?
A lot of people use Github because it's easy to use and popular. Not everyone wants to self host, although it would be nice if the larger projects did. What I really hate is when open source projects use something like disord for support.
I hope this changes (even if a little bit) once Forgejo (FLOSS Gitea fork) adds forge federation.
There's been a general trend towards self-hosted GitLab instances in some projects:
- https://gitlab.freedesktop.org/
- https://invent.kde.org/
- https://gitlab.archlinux.org/
Small projects tend to not want to spin up infrastructure, but on GitHub you know your code will still be there 10 years later after you disappear. The same cannot be said of my Cogs instance and whatever was on it.
And overall, GitHub has been pretty good to users. No ads, free, pretty speedy, and a huge community of users that already have an account where they can just PR your repo. Nobody wants to make an account on some random dude's instance just to open a PR.
GitHub (since the Microsoft acquisition) is good to users because that's their MO, it's called Embrace, Extend, Extinguish, and the whole point is to centralize users and projects and make them dependent on the Microsoft ecosystem.
Of course now there's also the whole issue of Copilot, which means any code you put on GitHub could very well show up piecemeal in someone's AI-generated code. If it wasn't for that novel avenue of monetization, you can bet your ass GitHub would have already made the free user experience a lot shittier.
Micosoft also owns npm, Windows, Azure, Office, Outlook, Teams, & LinkedIn—MS GitHub is not just Copilot, but Sponsors & Codespaces. The whole overarching goal is to integrate all this data & make support between these products is prioritize with little upsells inside the apps, & get you hooked on the ecosystem… neo-EEE.
You can host a git repo with little effort on any Linux machine you can ssh to. You don’t need to host a git lab instance unless you want some web gui.
Because most oss maintainers are more afraid of their work disappearing due to service shutdowns than they are being profiled by data miners.
Everyone has seen some example of a tool or resource hosted on a persons private server end up taken down because they couldn’t afford it, the isp or university stopped offering hosting or because they simply couldn’t keep doing it due to death or old age.
That’s what people who create software are afraid of. The loss of that creation, not the loss of the privacy of people who contribute to it or download it.
Remember when we used to have mirrors as standard practice? If it is just text, it doesn’t use much space to serve someone else’s code too (no, your README does not need images, video, etc.). Besides, every node in a DVCS is a technically a mirror, it’s just decentralized collaboration is a lost art to many.
Well, keeping an infrastructure like github is very expensive. Other solutions like gitlab are no real solution as gitlab itself is also not completely FOSS. Codeberg is a relatively new kid in the block, and sustainability in the long term is still not proven. Gitea/Forjego requires you to selfhost your repositories and that's something not everybody can afford/take the time to do.
So, we have a situation of a standard de facto, when one company took the space and constitued a monopoly, forcing the users to use it or be invisible otherwise.
So, there you have the reason: visibility in a market dominated by just one actor.
How to fight this situation? There is no much way as individuals, a partial solution is to use a FOSS solution and then mirror on github for visibility. Of course this is limited as individual solutions wont change collective problems, but FOSS groups doing the same are no longer individuals but communities so with time we may have a way to get out...EDIT: s/go/get
Not only that FOSS use GitHub and other proprietary hosts, they even in much cases contain APIs of Google, M$, Amazon, Fakebook & cia, APIs also offered as FOSS by Big Brothers. Since these companies have entered the world of OpenSource, what was previously considered free software is becoming more and more perverted.
It's ridiculous when I want to use an OpenSource service where an account is necessary, most of the time a window appears with the kind offer to log in with a Google or Facebook account or that this service send data to googleanalytics, googletagmanager and Alphabet, like ocurres with an account in Mozilla.
Time to update and redefine what free software should be.
I am also thinking of starting an open source project, and honestly, will do it on Github, because so far, GitHub does not require microphone or location access, yadayada... And the AI thing would happen anyway. Do you think Google has not used GitHub repos for training Gemini?
I am very interested in syncing the repo with a federated git server, but from what I am reading Codeberg/Forgejo still don't have federation working?