We need something like Forgejo, but decentralized and federated, like Lemmy. I don’t want to create a new account for every Forgejo instance, just to be able to report a bug…
Forgejo is in fact working on being decentralized, just like the underlying git structure is. There are some first federation things in there, but the full implementation is still pretty far out.
Yeah, that was my point in the first comment… But not only that…
The development with multiple people is decentralized, yes…
But even, if I add 3 remotes to my repo (1 to GitHub, 1 to Forgejo instance A and 1 to Forgejo instance B), guess what happens, if you don’t have an account on each of these… Try pushing code or making a pull request and see how it fails, because you are not authenticated…
SourceHut encourages an e-mail–based workflow that does not require anyone but the repository owner to have an account. In fact, that’s how Git originally worked before GitHub enshittified it.
You know, git initially was that kind of thing where people would send diff commits on mailing lists. Git is perfectly decentralized already. And there’s no need for federation.
Forgejo is already decentralized too. You could host your own instance right now, if you’d want.
I think that’s bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it’s on a blockchain aka on thousands/millions of computers already (you can’t).
Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc
Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.
that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.
the only solution to mitigate such a mistake is to 1) invalidate the token
2) remove the commit
I did not mean decentralized hosting of the projects (e.g. your project will be on all instances).
I meant decentralized account usage (e.g. you can use your example.com forgejo account to create an issue on otherexample.org)… Just like Lemmy… I could use my reddthat.com lemmy account to create a post on your instance lemmy.world without having to register there.
I do, what I don’t know is how Forgejo works. Doesn’t having to make an account for every project mean it’s already decentraliced, but just doesn’t communicate between instances?
We need something like Forgejo, but decentralized and federated, like Lemmy. I don’t want to create a new account for every Forgejo instance, just to be able to report a bug…
Edit: Added “and federated”
Forgejo is in fact working on being decentralized, just like the underlying git structure is. There are some first federation things in there, but the full implementation is still pretty far out.
Git is decentralized itself… You don’t even need forgejo to host your changes
Git is already decentralized, nothing is stopping you from adding multiple remotes to your repo.
The issue tracker is usually the concern
Yeah, that was my point in the first comment… But not only that…
The development with multiple people is decentralized, yes…
But even, if I add 3 remotes to my repo (1 to GitHub, 1 to Forgejo instance A and 1 to Forgejo instance B), guess what happens, if you don’t have an account on each of these… Try pushing code or making a pull request and see how it fails, because you are not authenticated…
SourceHut encourages an e-mail–based workflow that does not require anyone but the repository owner to have an account. In fact, that’s how Git originally worked before GitHub enshittified it.
How would decentralization work for an issue tracker? The issues have to be stored somewhere.
naturally on the instance that hosts the repo
The issues should be central, but it would be nice for my reputation as a contributor to migrate between instances.
Federation is on their roadmap
https://forgejo.org/faq/#is-there-a-roadmap-for-forgejo
You know, git initially was that kind of thing where people would send diff commits on mailing lists. Git is perfectly decentralized already. And there’s no need for federation.
Forgejo is already decentralized too. You could host your own instance right now, if you’d want.
There is this, havent tried
https://radicle.xyz/
Gitea has basic federation, I believe
Gitea is where Forgejo forked from.
if you are looking for decentralised vcs you can try radicle, I tried a while ago pretty good. FYI Forgejo supports mastodon login
That’s interesting. Did not even know, Mastodon supported doing something like this…
There is still a difference: There is no profile in the end. I might create 2 bug reports, bit they won’t be linked to each other.
I think that’s bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it’s on a blockchain aka on thousands/millions of computers already (you can’t).
If you push a secret key you should definitely generate a new one. Way to many bots out there that scan new commits for exactly that reason
Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc
Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.
Obviously you go and change the key instead?
that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.
the only solution to mitigate such a mistake is to
1) invalidate the token
2) remove the commit
In that order.
You can make commits on your system without pushing them to the remote server, and that’s the default behavior.
I did not mean decentralized hosting of the projects (e.g. your project will be on all instances).
I meant decentralized account usage (e.g. you can use your example.com forgejo account to create an issue on otherexample.org)… Just like Lemmy… I could use my reddthat.com lemmy account to create a post on your instance lemmy.world without having to register there.
You are correct in principle, but Lemmy isn’t on a blockchain. It’s much less permanent.
Wouldn’t it be the other way around, having someone centralized so with one account you can report bugs in any public project?
Do you know how lemmy works?
I do, what I don’t know is how Forgejo works. Doesn’t having to make an account for every project mean it’s already decentraliced, but just doesn’t communicate between instances?
I agree that it’s already kind of decentralized, so I also added the word “federated” to my original post.
Okay, that makes it way more clear ;b
deleted by creator
Rather have it on IPFS or something like OrbitDB, so no one can just lock/delete stuff.