While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.

So, no thanks. I'll not be committing any personal code there anymore.

And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.

I'm fine like this.

Also, remember, "Open Source is not about You".

Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.

Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.

GitHub centralizes 2 things: Authentication, as well as Repository Hosting.

Does the code really need to be hosted in a central location like this? (Clearly not, which is why people are leaving GitHub in the first place)

But the one part GitHub provides that's genuinely valuable is the social aspect, and when you get a PR from a user named torvalds you can trust that this is in fact Linus. This isn't the case with more distributed systems.

That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.

I agree with this. Moving the git repo is easy, moving the whole project surface is the hard part.

Issues, releases, CI, docs, security advisories, search and discoverability all tend to get coupled to GitHub over time.

For open-source projects, I like the idea of self-hosted as the source of truth, but still keeping a read-only GitHub mirror so people can actually find it.

I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.

"Git is decentralized"

Because is a kind of filesystem.

How a TEAM operate IS NOT.

And that is the point of Github.

There is no escape to the coordination problem!

(And if you say mails, patches, and other asynchronous ways: same thing, more complex)

I think you're forgetting issue tracking and CI.

[delayed]

I also have a self hosted Foregejo on a Pi (but probably not much longer) that acts as a mirror of my GitHub. The main issues I keep facing are:

- Repositories seem to mirror fine for a few weeks and stop. Pretty useless. I have a PAT token for it that does not expire, and yet it seems to claim otherwise, despite the token working elsewhere when I test it.

- Sometimes there is nothing in the logs, sometimes it's the database being locked for some reason. The only thing that uses the database is Forgejo.

- So far I haven't been able to tell if this is Forgejo, crappy SD IO on the Pi causing database locks, or Forgejo sucking at being a mirror.

> It's a shame that all these companies that benefited from open source have poisoned the industry like this

Open Source and the OSI are an industry plant. Look at who sponsors it.

The monopoly hyperscaler conglomerates get free labor and use it to build the world we despise: tracking panopticons, phones we can't install things on, device attestation, browser monoculture with no adblock, etc. etc.

Google made people fall in love with BSD/MIT, and look what it did.

Just a few of the classic plays:

"That Belongs to Us Now" - (1) vendors build stuff like Elasticsearch and Redis, (2) the hyperscalers yoink it into their proprietary offerings and take all the profits, (3) original authors and their companies starve.

"Embrace, Extend, Extinguish" - (1) vendors take an open source project like KTHML or Linux and build their version, (2) they flood the market with their offering, pushing out the competitors, (3) they use anti-competitive means to get their thing in front of all eyeballs, (4) once they have marketshare, they do evil things like add tracking and remove freedoms

Open Source needs to replaced with "freedom for the people, companies must pay". Source available shareware with anti-hyperscaler teeth.

Even Richard Stallman's licenses are not strong enough. CC BY-NC-SA is better.

"Pure" Open Source is corporate welfare. It was a mistake. It enabled giants to hang us with our own rope.

Why would someone gladly provide their work as open source but draw the line at AI reading it and using that knowledge to help more programmers later? It makes no sense to me. I actively want all of my code to be read by AI.

I considered Fossil several years ago and while it's really cool (everything being integrated is awesome), I don't like Fossil from a philosophical perspective. There's no way to clean up history, it preserves everything as is. If that's what you want, great, but as part of my git workflow I like to mess around and then go back and clean up and organize my commits before pushing them.

Thank you for this, GitSocial is a very cool piece of software!

github is a social network. git hosting is just a minor feature. thats why none of these alternatives ever take off .

TIL. Thanks!

Yup, I’ve done this. I use a fly.io proxy that runs nginx, fail2ban, and that forwards to my tailnet where Caddy resolves to the actual instance. It’s critical that you disable local registration - I have authentik (only available on the tailnet) as an IdP but you can also just disable reg after making your own account of course. I also have a robots.txt that disables some stuff like all the individual rendered git commit views otherwise scrapers get stuck in an endless loop and also I strictly forbid access to the forgejo package repository since I have some private packages and the permission granularity there is not what I want it to be, still dialing that in. I’m keeping an eye on it and so far nothing terrible has happened. docs.eblu.me if you would like details… I could also link straight to the infra code if you like.

> I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?

I've done this too in the past, I'm still running the internal/lan Forgejo instance, but not any public instance at the moment. But in the past, I've setup a public read-only instance, which mirrors my internal one, then one reverse-proxy connection from the internal to the public instance, which the public one uses for getting the git data. Then it mostly just kept on working by itself, whenever I changed anything in the internal Forgejo, the public one got updated, yet I could keep all issues, CI and more completely private and on lan.

When I adopted Foregjo I did so because I didn't like the sound of some political arguments across threads about some alleged security issues Foregjo raised with Gitea who allegedly ignored them.

What keeps you using Gitea? I'm wondering if I should try it over Foregejo now.

If only you bothered to read the first line of the article, directly under the title:

>I moved my code from GitHub to a self-hosted Forgejo

I think decentralization is the wrong answer for what people really need: portability.

I think some people are mentally ill, and think decentralization is a libertarian ideal where they can have all benefits of society, but they don't have to pay for the roads, the fire department, etc. That some how, those things will spontaneously appear because of <free market babble>.

Others recognize there's some kind of more comfortable middle ground where decentralization means the same as a town/city/state type of social good that is independent and capable of working without larger centralized structures. Having to work towards it, pay money into it, etc, are expected but because the work that goes into maintaining the infrastructure has a clear line of derivation (taxes clearly go to X, Y, Z) would be a benefit.

It's typically the first class tho that dominates all conversations regarding decentralization, and that class includes the Epstein billionaires who just dont want laws to apply anywhere they want to do unethical, immoral and whatever. eg, money is the only law.

This is literaly just a bare repo over ssh, and a gitweb interface.

It's too trivial for anyone to be selling that. And I don't think there's a large market for $5-$10 barebones setup when GH is free and you can self host.

SourceHut is good, and despite you not wanting to self host, self hosting a git repo is one of the easiest things to self host

Just hosting the code is hard now, right? The hosting company is signing up for a battle against infinite-appetite scraping organizations.

I think Gitlab is probably the best option, or gitea. Personally I'm not a fan of Codeberg - I think their licensing is a mess.

SourceHut sounds very close to what you describe: https://sr.ht/

Unfortunately all the current managed offerings aren't very good. I'm still wondering why nobody starts a new startup

There are multiple alternatives to Github for example Gitlab, Codeberg or sourcehut

I would love to use it, mostly for the jj compatibility and the nice CI implementation, but I need private repos so sadly this is not yet for me.

Microsoft did that for a lot longer than I expected honestly. Historically they would take a year or so before giving up on the "you're an independent company" bit and merge the team into MS orgs.

GitHub pulled it off for 5ish years before that began to change, and it was only last year when they stopped having their own "CEO".

> I'd be more curious as to why people are staying on GitHub

Vanity metrics.

GitHub initially tried to shy away from this, I remember conversations with early GitHub engineers trying to make sure "Stars" and "Followers" numbers were going into the direction of being just for vanity and popularity.

Then eventually the profile READMEs appeared, which people now use for showing even more vanity metrics and brag about how much code they can produce in how little days.

Since employers also ask you for a GitHub profile, it ends up being needed for new developers to make an entry into the industry, without it companies will basically ignore you. Unless you're really, really good, which to be honest, most of us aren't.

Can you push from Forgejo to GitHub for actions until you can find a replacement?

CircleCI?

They said that the First World War was impossible due to increasing trade dependencies between the European powers, and look how that turned out. ‘This is a terrible idea,’ is sadly not the deterrent to starting a war that it ought to be.

They make it rather easy by providing an audio pronunciation: https://forgejo.org/static/forgejo.mp4

With my American accent, I don't quite say it exactly like the recording, but pretty close: "for-JAY-oh"

Apparently it's pronounced (phonetically) as for-JAY-oh, an audio sample is here: https://forgejo.org/faq/

You piqued my curiosity :)

edit: Ah, I was beaten to the punch :(

Super interesting, mind sharing your exclusions and hooks?

If you have a VPS that's always running, you can just use it as a git remote through SSH without moving things around or any third party software, just put the Git repo on the VPS and clone it via "git clone ssh://user@host/path". You get authentication, encryption and synchronization out of the box with just ssh/git.

CI/CD, package registry, issue tracking in one place?

We just released support for Forgejo with RWX CI/CD: https://www.rwx.com/docs/getting-started/forgejo

From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.

I keep CI/CD super super simple, but was able to set it up for my Python repos in 15 minutes, with compatibility with GitHub actions (using the same yaml file at the same path)

It’s act runner. So you can continue using GitHub actions with minor changes

I got my own Forgejo, but I'm still on Github. That's the easiest way to check what the people I follow push, comment or star. I like this part of Github a lot.