Comment by ponkpanda
7 hours ago
Repo hosting is the kind of thing that ought to be distributed/federated.
The underlying protocol (git) already has the cryptographic primitives that decouples trust in the commit tree (GPG or SSH signing) with trust in the storage service (i.e. github/codeberg/whatever).
All you need to house centrally is some SSH and/or gpg key server and some means of managing namespaces which would benefit from federation as well.
You'd get the benefits of de-centralisation - no over-reliance on actors like MS or cloudflare. I suppose if enough people fan out to gitlab, bitbucket, self hosting, codeberg, you end up with something that organically approximates a formally decentralised git repo system.
https://radicle.xyz/ is a project aiming to do exactly this.
I have zero trust in the average dev managing signing keys properly
> Repo hosting is the kind of thing that ought to be distributed/federated.
Hence Tangled and ForgeFed (which I believe is integrating in Forejo)
I hadn't heard of either of these, but I'm interested.
I think at this point the bigger barrier to me with leaving GitHub (professionally, at least) is all the non-GitHub stuff that integrates nicely with it and badly or not at all with other solutions. And like, I don't blame tool providers for making a rational economic choice in that regard, but if leaving GitHub means leaving seamless Sentry, Depot, Linear, editor plugins, AI integrations, etc that makes it a tougher pill to swallow.
I worked for years at a shop that had in-house GitLab and we felt this pain first hand all the time. GitLab tries to be a one-stop shop and own the whole project management and testing/deployment workflow by building everything in house, but there were always gaps and it was hard not to be jealous of places that just did everything on GitHub and could use whatever best in class saas stuff they wanted.
Gitlab has been tracking a federation feature since at least 2018 [1], and I expect bitbucket, sourcehut, gitea, and others would move quickly on something like this as well, but there needs to be a protocol defined and some kind of plan for handling spam/abuse.
[1]: https://gitlab.com/groups/gitlab-org/-/work_items/16514
git-bug[1] looks promising, but I haven't tried it.
[1] https://github.com/git-bug/git-bug