Thanks for the share, I deal with containers and their security often.

A couple of good practices I add.

1.) if you’re going to pull from a CR/Dockerhub lock your tagged release to the specific semantic version you’re able to inspect. Pulling latest may have unintended results or introduce new things.

2.) When possible clone upstream repo on the release you like and build on your own without pulling from a CR

Thanks for sharing this, I enjoyed reading it

This isn’t so much arguing for not using GitHub, as for not only using GitHub. GitHub is where people actually are, so if you want tor each them that’s where you have to be, but make sure to keep a safe copy elsewhere.

I keep most of my projects on my own gitea instance and just do remote mirroring. I’m still working on interacting with github and gitlab cross-instance.

I’d say the best way to help at the moment would be to help testing there before starting an instance.

Thanks, I’ll get that started. I can launch many test instances (10) if we want to do a big test.

Thanks all.

I’m spinning mine up today to test and try to federate.

I’m hoping to change a lot of the theme to match my other services

I run a personal gitea with tor v3 gateway. I see no problem with it. Pretty simple to stand up.

We’ve watched them pull the gatekeeping nonsense for the last year. I’ve bait-posted r/privacy just to watch them squirm. If you’re not doing it their way, you’re not being privacy-aware.

Yet most of them are on Linkedin, YouTube, etc.

I do not claim mastery nor expertise. But I’m able to control my operating model without turning into some sort of weaponized tryhard

I like the idea of this, however I don’t utilize mobile phones so until a desktop client emerges hard to justify but interesting project’