I wonder if it’d be feasible to make a fediverse github
Comment on 700+ self-hosted Git instances battered in 0-day attacks
1984@lemmy.today 3 weeks ago
People have open registration om those things… Thats… Brave…
Lightfire228@pawb.social 3 weeks ago
JackbyDev@programming.dev 3 weeks ago
Git is already a distributed version control system.
Lightfire228@pawb.social 3 weeks ago
But it doesn’t have any built-in concept of users, write permissions, or authentication (except for commit signing)
Hosting an unauthenticated git repo would be the equivalent to an open ssh port with no password
Not to mention collaborative things like issue tracking, PRs, forums, etc
JackbyDev@programming.dev 3 weeks ago
Forgejo has all that, and then you can achieve “federation” by virtue of pushing to whatever remote. I wasn’t suggesting people use git itself (which is possible). I just meant that it’s distributed as opposed to centralized like Subverison is.
Jason2357@lemmy.ca 3 weeks ago
Its coming: codeberg.org/…/FederationRoadmap.md
eutampieri@feddit.it 3 weeks ago
There was a discussion on Forgejo and ActivityPub IIRC
dariusj18@lemmy.world 3 weeks ago
An interesting similar idea is github.com/gitsocial-org/gitsocial
“Decentralized open-source Git-native social network”
ITGuyLevi@programming.dev 3 weeks ago
I keep mine accessible from the internet, its just more useful to me like that. I do have registration disabled though and SSO is handled by Authentik so it could be worse (my personal goal has just been to not be the easiest target, perfect security is a myth in my mind).
Jason2357@lemmy.ca 3 weeks ago
Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.
possiblylinux127@lemmy.zip 3 weeks ago
You could also throw it behind mTLD
ITGuyLevi@programming.dev 3 weeks ago
I could, but then I would have issues getting to it from work; from the bit I’ve read about mTLS, it’s not really indended for my use case, I think I’ll just stick with TLS.
irmadlad@lemmy.world 3 weeks ago
My motto is ‘Users cause complexities and complexities cause problems’.
possiblylinux127@lemmy.zip 3 weeks ago
It is because it is the default
quick_snail@feddit.nl 3 weeks ago
Well that kinda kills collaboration
1984@lemmy.today 3 weeks ago
Yeah. If I needed collaboration, I would just whitelist their ips or require everyone involved to use Wireguard vpn, Tailscale or other solutions that allows access without being publically exposed.
quick_snail@feddit.nl 3 weeks ago
That kills collaboration from new people who just, like, discovered your project on some Lemmy thread
Natanael@infosec.pub 3 weeks ago
They can still collaborate old school way. You can publish static mirrors of git, then take email patches lol
greedytacothief@lemmy.dbzer0.com 3 weeks ago
I do the same thing. Anything I put on there isn’t something that I would share with the Internet anyway. If it was a serious project, sure. It’s just nice to have a personal git you can access over a VPN sometimes.
quick_snail@feddit.nl 3 weeks ago
I can’t understand why anyone would waste time writing code that won’t be shared
mic_check_one_two@lemmy.dbzer0.com 3 weeks ago
Personal projects. Not everything has to be FOSS. My tiny little script to automate my lights turning green and my smart speaker playing All-Star by Smash Mouth at full volume, so I can jork it in peace? That shit doesn’t need to be public.
communism@lemmy.ml 3 weeks ago
For personal use? To automate tasks you do or solve a problem you have?
mko@discuss.tchncs.de 3 weeks ago
For personal use. As someone you has all my non-trivial creations, including dot-files and scripts I replicate between machines, in repos since CVS has a thing it’s a habit. Version control. This stuff is mostly private but not secret, why should I have it public?
uncouple9831@lemmy.zip 3 weeks ago
Don’t kink shame,.man
greedytacothief@lemmy.dbzer0.com 3 weeks ago
Dunno, I just don’t believe my NixOS config files are particularly valuable. What is the benefit of sharing garbage code from a novice? I’d rather share things worth sharing, that could be useful to someone else.
Jason2357@lemmy.ca 3 weeks ago
You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.