I think that federated gitlab instances could be a good next step forward for becoming independent from big companies.

At the moment I host a lot of my code to Github because of discoverability, but I do not feel comfortable with depending on Microsoft for this service. Gitlab is a self hosted Git server, but there is no way to federate the instances like on Lemmy. Are there any projects that deal with this?

  • TragicNotCuteM
    link
    English
    21 year ago

    Yup. This would be my concern as well. I would be very hesitant to publish private projects there. And if I were a business, I certainly wouldn’t trust it.

    • @rist097OP
      link
      English
      21 year ago

      You are trusting Microsoft more than if you hosted the instance yourself?

      • TragicNotCuteM
        link
        English
        31 year ago

        If I hosted it myself, the trust is less of an issue. I meant joining a federated VCS instance.

        • @rist097OP
          link
          English
          31 year ago

          Ah ok, but the idea is to give you flexibility. At the moment you can host your Gitlab instance, but your public projects on your instance can only be found by googling.

          The idea behind federation in this case is to have public projects be discoverable across instances, that you can star a project, open issue and make pull request across instances.

          • @marsara9
            link
            English
            11 year ago

            Ignoring the public/private repo issue for the moment. Let’s assume this is only for FOSS projects. How do solve the issues of Authorization and Recoverability?

            In theory you could implement an allowlist instead of the current ban list that Lemmy and others use for Communities. But this raises a 2nd problem, recoverability…

            If the instance that contains my account goes down how can I ensure that I can still contribute to my repositories? I could create accounts on multiple instances and authorize all of them, but this increases the attack surface of someone gaining access to one of my accounts. At least with a centralized backup like GitHub, should I forget my password I at least temporarily have my SSH/GPG keys. And if I lose my SSH/GPG keys I still have my GitHub account to upload new ones to. Maybe a variation on ActivityPub could be created that uses SSH/GPG keys instead of an account name?

            So maybe not unsolvable but at least some very interesting problems to solve first.

            • @rist097OP
              link
              English
              11 year ago

              Yes, those are some good points. I do not feel like they are unsolvable though.