I wonder if it’d be feasible to make a fediverse github
Comment on 700+ self-hosted Git instances battered in 0-day attacks
1984@lemmy.today 4 days ago
People have open registration om those things… Thats… Brave…
Lightfire228@pawb.social 4 days ago
JackbyDev@programming.dev 4 days ago
Git is already a distributed version control system.
Lightfire228@pawb.social 3 days ago
But it doesn’t have any built-in concept of users, write permissions, or authentication (except for commit signing)
Hosting an unauthenticated git repo would be the equivalent to an open ssh port with no password
Not to mention collaborative things like issue tracking, PRs, forums, etc
JackbyDev@programming.dev 3 days ago
Forgejo has all that, and then you can achieve “federation” by virtue of pushing to whatever remote. I wasn’t suggesting people use git itself (which is possible). I just meant that it’s distributed as opposed to centralized like Subverison is.
Jason2357@lemmy.ca 3 days ago
Its coming: codeberg.org/…/FederationRoadmap.md
eutampieri@feddit.it 4 days ago
There was a discussion on Forgejo and ActivityPub IIRC
dariusj18@lemmy.world 3 days ago
An interesting similar idea is github.com/gitsocial-org/gitsocial
“Decentralized open-source Git-native social network”
ITGuyLevi@programming.dev 4 days ago
I keep mine accessible from the internet, its just more useful to me like that. I do have registration disabled though and SSO is handled by Authentik so it could be worse (my personal goal has just been to not be the easiest target, perfect security is a myth in my mind).
Jason2357@lemmy.ca 3 days ago
Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.
possiblylinux127@lemmy.zip 3 days ago
You could also throw it behind mTLD
ITGuyLevi@programming.dev 3 days ago
I could, but then I would have issues getting to it from work; from the bit I’ve read about mTLS, it’s not really indended for my use case, I think I’ll just stick with TLS.
irmadlad@lemmy.world 4 days ago
My motto is ‘Users cause complexities and complexities cause problems’.
possiblylinux127@lemmy.zip 4 days ago
It is because it is the default
quick_snail@feddit.nl 4 days ago
Well that kinda kills collaboration
1984@lemmy.today 4 days ago
Yeah. If I needed collaboration, I would just whitelist their ips or require everyone involved to use Wireguard vpn, Tailscale or other solutions that allows access without being publically exposed.
quick_snail@feddit.nl 4 days ago
That kills collaboration from new people who just, like, discovered your project on some Lemmy thread
Natanael@infosec.pub 4 days ago
They can still collaborate old school way. You can publish static mirrors of git, then take email patches lol
greedytacothief@lemmy.dbzer0.com 4 days ago
I do the same thing. Anything I put on there isn’t something that I would share with the Internet anyway. If it was a serious project, sure. It’s just nice to have a personal git you can access over a VPN sometimes.
quick_snail@feddit.nl 4 days ago
I can’t understand why anyone would waste time writing code that won’t be shared
mic_check_one_two@lemmy.dbzer0.com 4 days ago
Personal projects. Not everything has to be FOSS. My tiny little script to automate my lights turning green and my smart speaker playing All-Star by Smash Mouth at full volume, so I can jork it in peace? That shit doesn’t need to be public.
communism@lemmy.ml 4 days ago
For personal use? To automate tasks you do or solve a problem you have?
mko@discuss.tchncs.de 4 days ago
For personal use. As someone you has all my non-trivial creations, including dot-files and scripts I replicate between machines, in repos since CVS has a thing it’s a habit. Version control. This stuff is mostly private but not secret, why should I have it public?
uncouple9831@lemmy.zip 4 days ago
Don’t kink shame,.man
greedytacothief@lemmy.dbzer0.com 3 days ago
Dunno, I just don’t believe my NixOS config files are particularly valuable. What is the benefit of sharing garbage code from a novice? I’d rather share things worth sharing, that could be useful to someone else.
Jason2357@lemmy.ca 3 days ago
You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.