"secure alternative"? Others are not secure?
Open Source
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
Didn't you know? This cloud provider offers lead-free, gluten-free computing services without antibiotics! Also it's not tested on animals!
or maybe it's trying to highlight that it's also secure?
I guess it depends on your threat model, but if you're dealing with mission critical proprietary code then it should really never be leaving your own companies infrastructure, imo. If for some reason it is necessary to use enterprise cloud hosting, established actors like Github, Gitlab or even Bitbucket still seem like the obvious choice.
The issue is this "Gitea Ltd." company (or is it "CommitGo Inc." now? honestly pretty confusing...) which appears to have been created with the singular purpose of monetizing Gitea, appeared out of thin air with no input from the community that actually develops Gitea. They're basically saying "you can't trust those other smelly hosts that have existed for years and have contracts with tons of huge companies, but you should definitely trust us with your stuff bro!". Seems off to me.
Are they actually stating "secure alternative"? I only see this on the Lemmy post but not on the linked site. Of course, there is "Security & Compliance", but not in distinction to GitHub or Gitlab
From the way the explain it this is just "more secure" but only if you use a shared VPS for your hosting, which I have no idea what percentage of hosters do. Seems like confusing but valid marketing to me.
Everyone here is just ignoring the fact that this gitea is not the same gitea it used to be
The new one is called forgejo, and everyone should use that instead of gitea
What is wrong with gitea? Is not forgejo just a slightly modified fork that is regularly synchronized with gitea codebase? I know nothing about motivation of forgejo authors, where can I read about it?
I'll try to summarize:
- Gitea is managed by a For-Profit that apparently popped out of nowhere -> profit motive conflicts directly with FOSS and since the corp isn't well known it must be assumed acquisition was solely to make money
- Gitea now requires Copyright attribution, meaning if you push code to Gitea in an existing file it ain't your code anymore -> omega level oof for a FOSS project because this essentially kills any upstream contributing (as seen by Forgejo deciding to stop their contributions)
- This Cloud Service being offered when Self-Hosting Gitea is really easy, again -> profit motive conflicts with FOSS but now on steroids because a "core" feature of their service will limit their ability to make more money
Thanks for explaining it, because it's a long and complex story I didn't want to type 😅
Also, probably the most touching point is how this happened. Gitea was a community project, and they were electing a leader every year or so, and giving them all the passwords (and it seems like the rights for the project, although it's not stated anywhere) This "out-of-nowhere" company is just one the temporary presidents that hijacked all the domains, repos, etc. Registered a for-profit company and transfered everything there
The community itself wrote an open letter wanting explanations And at the end they forked gitea into forgejo
That's a very selective truth way of telling the story. While what you wrote is technically correct, the "temporary president" in question is one of the founders and has been reelected for the position every time. He also did it together with some other core contributors, so while I agree that this was communicated incredibly poorly with the wider community, this wasn't a hostile takeover at all.
I consider it a hostile takeover because the majority of the community was betrayed by their actions, and they switched from a democratic to a fascist governance model
It was absolutely a hostile takeover. And now the copyright thing. It's obvious what they want to do with the former community project.
Fortunately the awesome Forgejo fork exists.
I've seen my fair share of projects where one of the main contributors/founders took the project commercial. It's never smooth. There will always be a part of the community that feels that open source principles are being bent or trampled.
This a good point, the story i'm telling came from the open letter, and at that point only one guy was considered responsible, and a lot of people signed the letter
But I really consider it a serious takeover, there was a democracy, and then some of the people used their power to turn it into authoritarianism
edit: anyway, I really appreciate your point of view, and just wish everything in the world would be foss and nonprofit and hugs and kisses 😔
Thank you!
TIL
What happened to gitea? Been hearing more about Forgejo recently but haven't checked it out yet
It's also pretty easy to just roll your own gitea server.
How does it distinguish itself from GitLab?
IME it's way easier to self-host
From my personal experience running GitLab and Forgejo (Gitea Drop-In replacement/Fork):
- Gitea/Forgejo is easier to get running
- UI is less bloated/faster
- GitLab redesigned their UI and imo it's shit now
- No features locked behind a "Pro" Version (Pull or Bidirectional mirrors are for example unavailable on GitLab self-hosted unless you shell out for premium)
- Gitea Actions is a lot more intuitive than GitLab CI, this is likely personal preference but it's still an important factor
I have no experience with forgejo but I agree with all of the above in terms of gitea v gitlab
Forgejo has different development priorities but feature wise they should be identical since the Forgejo devs also push their code upstream into Gitea
huh, would you look at that. Pretty stupid move and something that makes this entire thing even more suspect. Glad I picked Forgejo over Gitea
I didn't have a horse in the race when I was looking to self-host git, but I quickly backed Forgejo when the news came out re: Gitea
Thirded
Definitely agree on the UI part. The UI of Gitea/Forgejo is very intuitive and easy to understand. When you go to a repository you just have the tabs to go to issues etc. and you can always see those at the top. The first time I used GitLab, I found it very unintuitive. There were 2 sidebars on the left side with their respective buttons right on top of each other. Issues and stuff are also in the sidebar, so I couldn't find them immediately.
Also, with gitea the table of contents for org files are properly rendered in HTML as it should be. As someone that uses org-mode this is a reason to avoid gitlab.
But for most people I'd say the less resources that gitea requires means you save on compute and ultimately is cheaper to host.
I've been running my own gitea server on kubernetes and with istio for over 3 years with no issues.
I have honestly no idea what the GitLab devs did but their service is such an incredible memory hog it's insane. Obviously GitLab has a pages service tacked onto it but my GitLab instance (mostly legacy but a friend still uses it so it keeps chugging along) eats a whole 5GB of RAM while my Forgejo Instance only uses 200MB. I have no idea where all of that memory is going because it sure as hell isn't going into responsitivity. I've no idea if I configured something wrong or if it's GitLab pages but it's still excessive
Gitlab used to be cute, small, and innovative (as in open). But now it's too bloated. Gitlab CI is not well designed and half-baked.
Hey now! Gitlab ci is totally fine so long as your simply running your build.sh file out of it. Anything more and your risking madness.
It does need only a fraction of the resources.
GitLab is mean for large enterprise environments. It's overkill for most users. Gogs/Gitea/Forgejo focus on simplicity. These are also pretty easy to self-host.
I'm still bummed that Bitbucket is going cloud-only. We've been using it on-premises for years and it has been lovely. Atlassian must be concerned that their customers won't follow them into the cloud bc they just sent out a customer survey (about two years two late).
The enshittification of Bitbucket started when they dropped Mercurial support. It's been a downward slide since then.
Wasn’t the project bought out by some company, that now is behind this cloud service?
No, some of the core Gitea developers decided to incorporate a Hongkong based for profit company to better monitize services offered to companies.
This by itself is not such a bad idea, but it was communicated incredibly poorly with the community left in the dark for at least half a year and the subsequent fallout was also dealt with poorly.
I think the best way forward for self-hosters is Forgejo because of that, but that doesn't mean Gitea is currently a bad choice.
That's why the fork Forgejo was made. Codeberg uses that fork as well.
Codeberg is iirc the main entity behind it, at the very least they are using some of their funds to support it
I think they aren't the ones who made the fork tho but just the ones with the most resources out of everyone working on the project. Correct me if I'm wrong.
I would be less critical of this if it was not the same company managing Gitea, it seems like a decent enough platform but having Gitea be OpenSource is a detraction from possible profits because nothing stops anyone from creating a service like this for cheaper.
I hope the company behind this stays on the good path but I'm not holding my breath, I'll be sticking to Forgejo for the time being.
Anybody interested in a plain git server with Cgit as a front-end? It's fast