Comment by chrisandchris

2 years ago

Yep, I see GitHub as "public only" hosting, and if I want to host something private, I will choose another vendor.

The noted issue looks to be applicable to forks only, not to all private repos.

  • It also applies to this situation:

        1. Create a private repo R
        2. Create a private fork F of R
        3. Push commits to the fork F
        4. Make R public
    

    The commits pushed to F prior to R being made public will become de facto public, even though F has always been a private fork. The post makes clear that commits pushed to F after R is made public are placed into a separate, private fork network.

    So basically, if you ever intend to open source anything, never do it to an existing private repo. Always start a from-scratch repo to be the root of your new public project.

  • I find the attitude worrying. I understand that it's maybe not easy to fix, or even fixable without breaking some use cases.

    However, if they "don't care" about such an issue, how can I trust them to care about other stuff?

  • Github’s attitude and perception of the terms “privacy” and “security” - it is more important.

For the benefit of anybody thinking "with gitlab I'm safe from this": If you're saying (and perhaps you're not) that some other git hosting service

- gives you control over gc-ing their hosted remote?

- does not to your knowledge have a third-party public reflog or an events API or brute-forceable short hashes?

if so, especially the second of those seems a fragile assumption, because this is "just" the way git works (I'm not saying the consequences aren't easy to mentally gloss over). Even if gitlab lacks those things currently (but I think for example it does support short hashes), it's easy to imagine them showing up somehow retroactively.

If you're just agreeing with the grandparent post that github's naming ("private") is misleading or that the fork feature encourages this mistake: agreed.

Curious to know if any git hosting service does support gc-ing under user control.

> if I want to host something private, I will choose another vendor.

Or you know, self-host, preferably on-prem.

Basic git hosting only needs a sshd running on the server. If you want collaborative features with a web UI then there are solutions for that available too.

Or commit an ecryptfs.

Clone and mount, unmount and commit

  • extremely annoying, but only true private option on somebody else's computer.

    i read headlines like the above with the implied "not just to the employees there anymore"

Which vendors work best for private projects?