pq-code-package/tsc

Alternative code hoster?

Closed this issue · 3 comments

Have you considered the use of an alternative code hoster using free software (e.g. Forgejo/Gitea) on their servers, respecting FOSS principles and not treating users as products?

The decision to use Microsoft GitHub is hard to understand in the context of your goal to reach post-quantum security and privacy.

Please keep it on GitHub. git is a decentralized protocol. There is nothing wrong with having a remote/mirror on another host. GitHub has more visibility to more developers than any other host.

Right now, what Post-Quantum Security needs more than anything else is visibility and awareness across every developer ecosystem and across the cybersecurity industry as a whole.

Dear Andrew,
Thank you very much for your reply and for participating in this discussion.

> Please keep it on GitHub. git is a decentralized protocol.

You mix up some things here. "Microsoft GitHub" and "git" are very different things. The first one is a product owned by Microsoft using closed source software on their servers. Of course GitHub does use "git" under the hood somewhere.

> There is nothing wrong with having a remote/mirror on another host.

I disagree. Having mirrors is IMHO hazardous to a project because it does split attention and resources. Decide for one.

> GitHub has more visibility to more developers than any other host.

This is IMHO not how FOSS works. The visibility of a project does not depend on the platform it uses. This is not Facebook or TikTok. From an advertising point of view the code hoster used is irrelevant.

> Right now, what Post-Quantum Security needs more than anything else is visibility and awareness across every developer ecosystem and across the cybersecurity industry as a whole.

And it needs trust in expertise. Using Microsoft GitHub does not establish trust in the expertise and decisions of this repository's maintainers. Closed source on the servers. Servers in the USA. Hard- and software owned by a US company treating users as products, selling their data, ignoring their needs and cooperating with 5-eyes. You cannot establish trust in a project when it is hosted on a platform having the NSA & Co in the back.

I am sorry, but we are going to have to agree to disagree. I intend to further engage this project in its actual focus (post-quantum encryption/integration) as time allows.

Looking at your bio: "Give up Microsoft GitHub. Use Codeberg.org.", you clearly are coming from a particular view and seek to push a particular path (I'll be nice).

I'll save you the long background I have in open source, but I can assure you I have decades of experience in that department.

Some of us are Enterprise, Critical Infrastructure, and yes even Public Sector focused.

Can someone please close this thread?