I’m a current gitea user… should I be moving to forgejo?
Comment on 700+ self-hosted Git instances battered in 0-day attacks
Lem453@lemmy.ca 4 days ago
If i remember correctly on my gitea (now forgejo) the default is open registration which really shouldn’t be the case for projects that are targeted towards self hosters.
My inital install was a long time ago so I don’t remember for sure
AmbiguousProps@lemmy.today 4 days ago
victorz@lemmy.world 4 days ago
Yes, even without this current news.
AmbiguousProps@lemmy.today 4 days ago
Thanks! I’ll add it to the todo list.
klangcola@reddthat.com 4 days ago
I just did it not long a ago. Gittea -> Forgejo10 -> Forgejo11 LTS, in Docker. Surprisingly quick, painless and smooth.
(My only issue was not Forgejo, but MySQL. Because the hardware is ancient and Docker compose pulled down a new version of mysql8 at the same time as pulling forgejo. New version of mysql8 didnt support my CPU architecture. Easy fix was to change the label mysql8oraclelinux7 in Docker compose and pull that image. There is a issue with solutions in the MySQL Docker GitHub repo)
jjlinux@lemmy.zip 4 days ago
Doesn’t seem like Gitea has that issue, and just keep registrations disabled if possible and if your projects allow, avoid symlinking.
EncryptKeeper@lemmy.world 4 days ago
Reading between the lines I feel like when you say “Targeted towards self hosters” what you mean is “John Q Hobbyist who doesn’t know any better”
And in response to that I would contend that Gitea is not actually targeted at those folks, though they obviously use it. Gitea is FOSS but it’s still “targeted” at professionals.
Jason2357@lemmy.ca 3 days ago
This absolutely. Anyone who actually wants open registration will be configuring their own SSO or whatever backend. The default should be safe for testing and/or hobbyists.
JadedBlueEyes@programming.dev 4 days ago
Yeah in my project open registration is behind an option called
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuselolJackbyDev@programming.dev 4 days ago
Honestly, this is always more effective than a comment in the config because it can get removed. All it would take is a popular guide having the config with that option on and the comment gone.