trash

You can download all Github projects, and wikis, because they’re all based on Git, and the only ‘extensions’ particular to Github are CLI specs, and issues, which can also be ported easily.

Technically correct (although you’d need to migrate Github Actions also, which is yet another beast), but politically misguided. Migrating from Github as a organization (a closed pool of contributors) is a rather easy task that’ll take you a week worth of work.

The actual problem is that Github acts as a centralized social network for developers and represents the biggest contributors pool across the FLOSS ecosystem. As a volunteer-run project, moving away from Github means loosing much visibility and many contributors. I’m not saying it’s not worth it, but it’s not just a technical question of whether that’s possible.

Also worth noting that we have many alternatives but none of them are specified/interoperable. I have a longer blog post exploring that question if you’re interested.

@Ghast
link
fedilink
19M

Nice blog post, and always nice to see RSS feeds.

I’ve never had practical trouble downloading scripts and identifying the creators, because I use package managers. I think the best general solution for normal end-users getting packages they can trust is always a well-audited package manager.

And of course, the GPG key solution seems to work well enough for coders.

I can’t imagine a general solution to Github workflows. I use Gitlab’s CI for LaTeX documents, but terraform code would obviously be better for other projects. I sounds like disparate solutions is a good idea.

Nice blog post, and always nice to see RSS feeds.

Thanks! The RSS feeds are generated by Zola, the SSG i use (and contribute to sometimes).

I think the best general solution for normal end-users getting packages they can trust is always a well-audited package manager.

I entirely agree! And i personally don’t think that distro packaging is dead (or should die), but i do believe there’s a crisis in the field: nix/guix certainly represent a far better model in a day and age where there are dozens of thousands of packages to maintain for many architectures.

The Debian/Fedora packaging system makes it more complex than it has to be to just push an update because most of the steps have to be done manually. Of course, i appreciate when some packages are maintained by trustworthy people inspecting the changelog, but no distro has the energy to do that for all packages…

I can’t imagine a general solution to Github workflows

Do you mean for CI/CD? I don’t understand why we need Github Actions at all. If only we could have a standardized protocol/vocabulary (like ForgeFed/ForgeFriends) to subscribe to updates across different forges, we could have pretty basic/standard tooling performing tasks as we like them.

Privacy
!privacy
Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 9 users / day
  • 20 users / week
  • 94 users / month
  • 298 users / 6 months
  • 5.57K subscribers
  • 2.06K Posts
  • 7.65K Comments
  • Modlog