This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
leave Github #795
Comments
|
This is a well presented argument, however, I personally don't feel it has merit. The hosting platform had nothing to do with the content of the project. The two are mutually exclusive. While I value privacy, moving to a lesser used platform would only hurt development by ostracizing many developers who don't use the lesser known platforms. On a personal note, I don't find several of your points offensive, and would in fact find them as reasons to support GitHub. If hosting the project on GitHub somehow affected the credibility of the project, or endangered the ability to continue development, I would agree with you about moving. However, none of those things are currently true. As such, moving seems like an attempt to cut one's nose off to spite one's face and would likely cause more harm than good. |
You don't really have that separation when the bug tracker and version control are both mutually inclusive on the same platform. The bug tracker is where users and developers collaborate. The quality of the project depends on bug reports being filed. U/C targets privacy enthusiasts, the values of most of whom are entirely out of alignment with the privacy abuses of MS and Amazon. So the bug tracker is being hosted on a controversial platform that is highly objectionable to the community the project needs bug reports from. In effect, privacy enthusiasts are expected to create accounts and feed the platform of privacy abusers. UC is not the only privacy focused project that uses Github. I've seen cases of bugs actually going unreported as a consequence of a project being trapped in MS's walled-garden. If there is a real justified need to use github on the basis that some must-have feature is missing from notabug or codeberg, then a separate bug tracker is needed. |
|
Privacy enthusiasts will be using burn accounts and temporary emails anyway. Creating an account shouldn't be a problem. There are far more contributors who do use the platform than those who don't. Unless you can show some kind of proof otherwise, in which case I'd side with you. Sheer user base statistics suggest that this is the best place for exposure. |
|
Yes, privacy enthusiasts will just use burn accounts everywhere, there is no need for anyone to know who they are, but I'd say privacy enthusiasts who are also programmers prefer to be pseudo-anonymouse, in the sense that noone knows who they are irl but they can be still be identified by a nickname and/or an email (like a gpg key).
there are 314 forks from which only 30-40 have contributed to the project, and from those only 8 have contributed recently, and from those only 4 are actively contributing (not counting issues ofc).
The project doesn't have to be hosted in some mainstream git repository for it to have exposure. Examples would be linux and the gnu project. Linux isn't developed in github (it has a mirror repo though) but it is used everywhere. Same with GNU, no github, no mirror repo, their own server, and people use the GNU tools a lot, like GCC or the coreutils. |
Privacy enthusiasts are committed to privacy and do not support the list of privacy abuses in the OP. Creating a burner account serves to enable MS and Amazon. Privacy enthusiasts also use Tor. GH recently forced Tor users to complete an email verification. This went on for a week. During that time my login attempts were to report bugs and I decided I could not be bothered with the burden of verification. I did not file the bug reports and I did not bother to note the bugs either (I didn't know access would improve). Those bugs got forgotten not filed. I've used my GH account to report bugs as a proxy for other privacy advocates (who refuse to use or cannot use github). I'll delete my account eventually and when that happens those I'm proxying for will simply withhold their reports too. It's a lousy platform for any privacy-centric project and it sends a conflicting message. Consumers of the project have good reason to question the degree of privacy focus a GH-hosted project can have considering the developers are putting convenience above privacy. |
|
@bruceleerabbit ungoogled-chromium has some non-trivial dependencies on GitHub-specific services, namely Pages and CI integration, that would take some effort to switch over. I don't have the time or interest to do that right now. If someone wants to create a mirror or look into this, that's fine by me. |
Gitlab has Gitlab Pages and there is offered CI on Gitlab, I build my ppc64le ungoogled-chromium fork with Gitlab CI |
|
@leo-lb Gitlab as a service is a non-starter from a privacy standpoint but self-hosting using Gitlab software may be a good approach. |
|
This how Github has started treating Tor users upon login: If this continues, I may only be willing to login on Github if it's to sway projects away from Github. |
|
Created mirror on Codeberg.org: https://codeberg.org/Eloston/ungoogled-chromium So far I'm liking Gitea, but I don't want to migrate to anything yet until I've used Gitea more and I've used Codeberg.org more (it's a relatively new service) |
|
Thanks @Eloston. It's noble of you to take time to experiment with the idea of leaving MS Github. The "issues" link of the codeberg mirror redirects to github. I would conjecture the bulk of repository users are simply using the bug tracker to report bugs. So if it turns out that a full move to codeberg is too problematic for some reason, perhaps codeberg could at least be used for bug tracking so users can report bugs without being subject to MS Github 2FA inconveniences and privacy abuses. |
|
@bruceleerabbit A few things:
|
|
@bruceleerabbit in my experience, it only acts this way when you don't have 2fa enabled. |
|
Disabling any kind of verification for Tor/blacklisted vpn ip users is begging for the site to be invaded with bots. These problems are always going to make someone angry no matter how you choose to solve them. |
|
am I missing something or
but the wiki cannot be searched: https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki |
What does that mean? Is it a UC bug or codeberg bug? |
You can do as some projects have done: host the code on a libre code hosting platform but keep using GitHub as a code mirror and an issue tracker; You're not gonna lose anything this way. |
|
@auroralane7 I don't see the point of pushing code only to Codeberg if the issue tracker remains on GitHub. EDIT: That is, it seems silly to push code and do PRs on Codeberg but post issues on GitHub. |
|
The device verification already burned my account and all projects contained within. It was many years old. You used to and still can sign up with a temporary email. If then your IP or device fingerprint changes, its by bye birdie. No idea if 2FA can be used without a phone or other de-anonymizing process. |
|
@Eloston my suggestion is: don't do it. You will only harm your free time and project, the latter with long-standing consequences often difficult to measure. Pick your fights wisely, and although there is an ethical and practical problem as outlined by several users here, don't pick every fight. |
|
I want to point out that use of "burner accounts" as suggested in this thread is a GitHub ToS violation. I've been personally threatend with account deletion because a corporation made a frivilous complaint to GitHub. GitHub then demanded I dox myself, and when I refused they said I was violating the multiple account policy. The only reason I didn't get deleted was because the ToS carves out an exception for automated stuff, which is what I was doing. |
|
I have no stake in this specific project, as I don't use it, nor do I contribute to it, though I had a quick suggestion. Perhaps a mailing list can be started for individuals to send PRs to. This process is the original intended method for PRs. This means that individuals who want to contribute, but don't want to open a GitHub account, they can clone the repo through either GitHub or an alternative mirror, and email patches to the mailing list for it to be reviewed, and/or accepted and merged. |
Some older versions of UC cannot login to Codeberg. The bug was reported to Codeberg, and they have not fixed it because it only affects old versions. It's unclear which project has the bug. @RandomErrorMessage Thanks for the heads up. That actually serves as another reason to not use github. @fugkco When a project is on Github indeed it's important to have a means to communicate outside of GH because GH discourages bug reports. A survey shows that a significant number of bug reports are withheld when the bug tracker is inside a restrictive or politically controversial walled-garden like MS Github or gitlab.com. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
and others
Abandon Github
Ungoogled Chromium caters for privacy enthusiasts, and yet the development platform is hosted by Microsoft -- a privacy abuser. To improve the credibility of the Ungoogled Chromium project and attract privacy-respecting developers, it's important that UC move away from Github.
Privacy problems with Microsoft Github
Alternatives
@spamgourmet.comforwarding email address to track spam and to protect their more sensitive internal email address.Going forward
I suggest moving to Codeberg.org or Notabug.org.
The text was updated successfully, but these errors were encountered: