I wonder if it’d be feasible to make a fediverse github
Comment on 700+ self-hosted Git instances battered in 0-day attacks
1984@lemmy.today 2 months ago
People have open registration om those things… Thats… Brave…
Lightfire228@pawb.social 2 months ago
JackbyDev@programming.dev 2 months ago
Git is already a distributed version control system.
Lightfire228@pawb.social 2 months ago
But it doesn’t have any built-in concept of users, write permissions, or authentication (except for commit signing)
Hosting an unauthenticated git repo would be the equivalent to an open ssh port with no password
Not to mention collaborative things like issue tracking, PRs, forums, etc
JackbyDev@programming.dev 2 months ago
Forgejo has all that, and then you can achieve “federation” by virtue of pushing to whatever remote. I wasn’t suggesting people use git itself (which is possible). I just meant that it’s distributed as opposed to centralized like Subverison is.
Jason2357@lemmy.ca 2 months ago
Its coming: codeberg.org/…/FederationRoadmap.md
eutampieri@feddit.it 2 months ago
There was a discussion on Forgejo and ActivityPub IIRC
dariusj18@lemmy.world 2 months ago
An interesting similar idea is github.com/gitsocial-org/gitsocial
“Decentralized open-source Git-native social network”
ITGuyLevi@programming.dev 2 months ago
I keep mine accessible from the internet, its just more useful to me like that. I do have registration disabled though and SSO is handled by Authentik so it could be worse (my personal goal has just been to not be the easiest target, perfect security is a myth in my mind).
Jason2357@lemmy.ca 2 months ago
Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.
possiblylinux127@lemmy.zip 2 months ago
You could also throw it behind mTLD
ITGuyLevi@programming.dev 2 months ago
I could, but then I would have issues getting to it from work; from the bit I’ve read about mTLS, it’s not really indended for my use case, I think I’ll just stick with TLS.
irmadlad@lemmy.world 2 months ago
My motto is ‘Users cause complexities and complexities cause problems’.
possiblylinux127@lemmy.zip 2 months ago
It is because it is the default
quick_snail@feddit.nl 2 months ago
Well that kinda kills collaboration
1984@lemmy.today 2 months ago
Yeah. If I needed collaboration, I would just whitelist their ips or require everyone involved to use Wireguard vpn, Tailscale or other solutions that allows access without being publically exposed.
quick_snail@feddit.nl 2 months ago
That kills collaboration from new people who just, like, discovered your project on some Lemmy thread
Natanael@infosec.pub 2 months ago
They can still collaborate old school way. You can publish static mirrors of git, then take email patches lol
greedytacothief@lemmy.dbzer0.com 2 months ago
I do the same thing. Anything I put on there isn’t something that I would share with the Internet anyway. If it was a serious project, sure. It’s just nice to have a personal git you can access over a VPN sometimes.
quick_snail@feddit.nl 2 months ago
I can’t understand why anyone would waste time writing code that won’t be shared
mic_check_one_two@lemmy.dbzer0.com 2 months ago
Personal projects. Not everything has to be FOSS. My tiny little script to automate my lights turning green and my smart speaker playing All-Star by Smash Mouth at full volume, so I can jork it in peace? That shit doesn’t need to be public.
communism@lemmy.ml 2 months ago
For personal use? To automate tasks you do or solve a problem you have?
mko@discuss.tchncs.de 2 months ago
For personal use. As someone you has all my non-trivial creations, including dot-files and scripts I replicate between machines, in repos since CVS has a thing it’s a habit. Version control. This stuff is mostly private but not secret, why should I have it public?
uncouple9831@lemmy.zip 2 months ago
Don’t kink shame,.man
greedytacothief@lemmy.dbzer0.com 2 months ago
Dunno, I just don’t believe my NixOS config files are particularly valuable. What is the benefit of sharing garbage code from a novice? I’d rather share things worth sharing, that could be useful to someone else.
Jason2357@lemmy.ca 2 months ago
You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.