I wonder if it’d be feasible to make a fediverse github
Comment on 700+ self-hosted Git instances battered in 0-day attacks
1984@lemmy.today 1 month ago
People have open registration om those things… Thats… Brave…
Lightfire228@pawb.social 1 month ago
JackbyDev@programming.dev 1 month ago
Git is already a distributed version control system.
Lightfire228@pawb.social 1 month ago
But it doesn’t have any built-in concept of users, write permissions, or authentication (except for commit signing)
Hosting an unauthenticated git repo would be the equivalent to an open ssh port with no password
Not to mention collaborative things like issue tracking, PRs, forums, etc
JackbyDev@programming.dev 1 month ago
Forgejo has all that, and then you can achieve “federation” by virtue of pushing to whatever remote. I wasn’t suggesting people use git itself (which is possible). I just meant that it’s distributed as opposed to centralized like Subverison is.
Jason2357@lemmy.ca 1 month ago
Its coming: codeberg.org/…/FederationRoadmap.md
eutampieri@feddit.it 1 month ago
There was a discussion on Forgejo and ActivityPub IIRC
dariusj18@lemmy.world 1 month ago
An interesting similar idea is github.com/gitsocial-org/gitsocial
“Decentralized open-source Git-native social network”
ITGuyLevi@programming.dev 1 month ago
I keep mine accessible from the internet, its just more useful to me like that. I do have registration disabled though and SSO is handled by Authentik so it could be worse (my personal goal has just been to not be the easiest target, perfect security is a myth in my mind).
Jason2357@lemmy.ca 1 month ago
Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.
possiblylinux127@lemmy.zip 1 month ago
You could also throw it behind mTLD
ITGuyLevi@programming.dev 1 month ago
I could, but then I would have issues getting to it from work; from the bit I’ve read about mTLS, it’s not really indended for my use case, I think I’ll just stick with TLS.
irmadlad@lemmy.world 1 month ago
My motto is ‘Users cause complexities and complexities cause problems’.
possiblylinux127@lemmy.zip 1 month ago
It is because it is the default
quick_snail@feddit.nl 1 month ago
Well that kinda kills collaboration
1984@lemmy.today 1 month ago
Yeah. If I needed collaboration, I would just whitelist their ips or require everyone involved to use Wireguard vpn, Tailscale or other solutions that allows access without being publically exposed.
quick_snail@feddit.nl 1 month ago
That kills collaboration from new people who just, like, discovered your project on some Lemmy thread
Natanael@infosec.pub 1 month ago
They can still collaborate old school way. You can publish static mirrors of git, then take email patches lol
greedytacothief@lemmy.dbzer0.com 1 month ago
I do the same thing. Anything I put on there isn’t something that I would share with the Internet anyway. If it was a serious project, sure. It’s just nice to have a personal git you can access over a VPN sometimes.
quick_snail@feddit.nl 1 month ago
I can’t understand why anyone would waste time writing code that won’t be shared
mic_check_one_two@lemmy.dbzer0.com 1 month ago
Personal projects. Not everything has to be FOSS. My tiny little script to automate my lights turning green and my smart speaker playing All-Star by Smash Mouth at full volume, so I can jork it in peace? That shit doesn’t need to be public.
communism@lemmy.ml 1 month ago
For personal use? To automate tasks you do or solve a problem you have?
mko@discuss.tchncs.de 1 month ago
For personal use. As someone you has all my non-trivial creations, including dot-files and scripts I replicate between machines, in repos since CVS has a thing it’s a habit. Version control. This stuff is mostly private but not secret, why should I have it public?
uncouple9831@lemmy.zip 1 month ago
Don’t kink shame,.man
greedytacothief@lemmy.dbzer0.com 1 month ago
Dunno, I just don’t believe my NixOS config files are particularly valuable. What is the benefit of sharing garbage code from a novice? I’d rather share things worth sharing, that could be useful to someone else.
Jason2357@lemmy.ca 1 month ago
You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.