the single most important criteria when replacing Github
https://joeyh.name/blog/entry/the_single_most_important_criteria_when_replacing_Github/
Consider all the data that's used to provide the value-added features on top of git. Issue tracking, wikis, notes in commits, lists of forks, pull requests, access controls, hooks, other configuration, etc.
Is that data stored in a git repository?
@boobs_idiot that statue park (in Oslo) is kind of amazing, I randomly wandered through it once, mind repeatedly blown.
course, the features you get access to by meeting those criteria are also not free software due to the Open Core, so..
"Open source projects: any project that uses a standard open source license and is non-commercial. It should not have paid support or paid contributors."
-- gitlab demonstrates ... something ... about their understanding of free software.
After someone stole money out of my Wells Fargo account, it fell below the minimum balance.
So, Well Fargo charged it a service fee. Two months in a row. After the fradulent transactions had already been reversed.
The second service fee was because the first service fee caused the account to fall below minumum balance again. Third service fee expected..
Obviously, I'm closing the account, it was only open in a failed attempt to get my Liberapay income transferred.
upcoming tech conference Show more
@jamey that's kind of hilarious, cuz sourceforge was originally going to be a free software *archival* service called Cold Storage, before it pivoted. Still have the t-shirt.
@bhaugen an nice tool to have would be a way to generate a gpg key pair from your ssb key pair.
(And vice-versa.)
Then you could gpg sign git tags with your ssb key and push to git-ssb, and ssb users could verify your signature using git's gpg integration.
However, anyone can overwrite any tag in git-ssb, which allows a DOS attack.
And people are not exactly great at remembering to check signatures either, especially given git's current interfaces for it.
Given #Github's success at embracing and extending git, and Microsoft's well-documented E&E aspirations, I wonder to what extent this is a talent aquisition?
@bhaugen the only attacker who can do that is the original creator of the colliding commit, when they originally created it.
A sha1 preimage attrack would be necessary for any stronger attack.
And tags add no security unless gpg signed.
No idea what you mean with the message ids and dags and stuff.
@mwpdx except for the typical TOS problem of being subject to change at any time and 99.9% of users then accepting whatever the new one is.
@mwpdx gitlab's TOS seems fine actually. (IANAL)
@mwpdx this is why github's TOS, where they require you to give them a license to your software and waive moral rights to it, is concerning
(I see they've slightly tweaked the language since I blogged about the problems with it, but they still have considerably vague language in there.)
@cwebber https://www.goodreads.com/book/show/15784870-playing-at-the-world will probably answer this question in whatever level of detail you want. (I only took in the first hundred pages or so of detail)
So, it's now possible to create a legitimate git repository that Github will refuse to let be pushed to it. The repository is completely safe as long as users are keeping current with security fixes.
This seems to have some interesting applications on the "no I don't accept the Github TOS" front.
hacker news - Show more
@ajroach42 equally plausible explanations: 1) google had a bug 2) google had a hardware failure
But it's cloud, so not trendy to consider such possibilities..
non-paying customer. noun. Citizen of the plutocracy (2018 usage)
"Starbucks opens its bathrooms to non-paying customers"
@jk 10yr old me would me disgusted that I have a computer 10 thousand times more powerful than his, that I use as a 5v and 3.3v breadboarding supply and basically don't run any software on at all.
But kind of fascinated that I can't even guess how many computers I have.
