Why FOSS projects are using proprietary, privacy invasive infrastructure? - eviltoast

cross-posted from: https://lemmy.ml/post/15691030

As you can easily notice, today many open source projects are using some services that are… sus.

For example, Github is the most popular place to store your project code, and we all know who owns it. And not to forget that sketchy AI training on every line of your code. Don’t we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.

Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, which you can easily self-host or use through public instances.

So, my question is: if you are building a FLOSS / privacy-related project, why use proprietary and privacy-invasive tools?

  • Shareni@programming.dev
    6 months ago

    Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.

    Self-hosting is right out for most people. It’s pretty expensive to even get started without compromising your home network (router with VLAN, switch, multiple servers (at least thin clients)), and then on top of that you need to maintain it, and can’t really ever max out your download/upload speeds because people are depending on your internet to interact with the repo.

    Gitlab is also for-profit, but also has blackouts and devs going rm -rf on the production DB. It’s often in the news for bad things, so I’ve generally avoided it.

    Codeberg is great for personal repos, but most smaller git hosting services have horrible SEO. Like, I’ve had issues finding repos when searching for their exact name; if I had to use general search terms, I’d only see GitHub repos.

    • flora_explora@beehaw.org
      6 months ago

      All I found about that GitLab incident sounded like it was one single event and, more importantly, that they’ve learned from it. So I don’t get the critique there. But yeah, apparently they’ve had a security hole a few days ago.

      • Shareni@programming.dev
        6 months ago

        Sure, but if you do that, and then follow it up with frequent outages and security issues, I’m going to seriously rethink using your services.

    • Sourcehut is for-profit. You pay them to host your data, to provide public access, to run mailing lists, to run CI build servers… you’re paying for the services. But the source code is OSS; you can download and run your own services, all or just a few. The “paying them to host the software for you” isn’t the issue, right? It’s not that someone is charging for hosting and maintenance (and, ultimately, salaries for the people working on the software), but whether or not the software is free, and whether you can self-host.

      I like your point about finding repos. I think it’d behoove all of the bit players to band together to provide one big searchable repo list. Heck, even I, who hate GitHub with a smoldering passion, have enough sense to go there first to search for software; that’s just the nature of a hegemony. The stumbling of the attempt to create a common VCS hosting API (ForgeFed) is lamentable, but getting adoption would have been an uphill battle even without the rumored in-fighting and drama.