I’m a current gitea user… should I be moving to forgejo?
Comment on 700+ self-hosted Git instances battered in 0-day attacks
Lem453@lemmy.ca 3 weeks ago
If i remember correctly on my gitea (now forgejo) the default is open registration which really shouldn’t be the case for projects that are targeted towards self hosters.
My inital install was a long time ago so I don’t remember for sure
AmbiguousProps@lemmy.today 3 weeks ago
victorz@lemmy.world 3 weeks ago
Yes, even without this current news.
AmbiguousProps@lemmy.today 3 weeks ago
Thanks! I’ll add it to the todo list.
klangcola@reddthat.com 3 weeks ago
I just did it not long a ago. Gittea -> Forgejo10 -> Forgejo11 LTS, in Docker. Surprisingly quick, painless and smooth.
(My only issue was not Forgejo, but MySQL. Because the hardware is ancient and Docker compose pulled down a new version of mysql8 at the same time as pulling forgejo. New version of mysql8 didnt support my CPU architecture. Easy fix was to change the label mysql8oraclelinux7 in Docker compose and pull that image. There is a issue with solutions in the MySQL Docker GitHub repo)
jjlinux@lemmy.zip 3 weeks ago
Doesn’t seem like Gitea has that issue, and just keep registrations disabled if possible and if your projects allow, avoid symlinking.
EncryptKeeper@lemmy.world 3 weeks ago
Reading between the lines I feel like when you say “Targeted towards self hosters” what you mean is “John Q Hobbyist who doesn’t know any better”
And in response to that I would contend that Gitea is not actually targeted at those folks, though they obviously use it. Gitea is FOSS but it’s still “targeted” at professionals.
Jason2357@lemmy.ca 3 weeks ago
This absolutely. Anyone who actually wants open registration will be configuring their own SSO or whatever backend. The default should be safe for testing and/or hobbyists.
JadedBlueEyes@programming.dev 3 weeks ago
Yeah in my project open registration is behind an option called
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuselolJackbyDev@programming.dev 3 weeks ago
Honestly, this is always more effective than a comment in the config because it can get removed. All it would take is a popular guide having the config with that option on and the comment gone.