While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.

So, no thanks. I'll not be committing any personal code there anymore.

And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.

I'm fine like this.

Also, remember, "Open Source is not about You".

Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.

Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.

Not everybody uses git because they're infatuated with "the spirit of git". Only a tiny minority have ever even used it with the patches-by-email model it's intended for, and I would guess the vast majority of the rest have no interest in learning. People use git basically because it's what github uses, or slightly more generously because it works well when paired with a centralized host like github. The model of developing code locally and dicussion issues and patches via a web portal is the model people are taken with. Only a small portion of that is provided by git proper.

Something nobody's really calling out: Forgejo is genuinely hackable. I just added a "showcase" mode to my instance: private repos can show their README and root file listing publicly (so I can advertise that a project exists and what it does), but viewing actual code, cloning, issues, PRs are all locked behind group membership.

About an hour of work, small and frankly trivial diff: https://peoplesgrocers.com/code/forks/forgejo/pulls/1

I didn't have to fight the architecture at all, the seams were right where I needed them. Added migration adding a boolean column to the repo config table, a few tweaks in permission middleware, and voila, it just worked. Really excellent decoupling in the Forgejo codebase [1]

You can't do anything like this with GitHub. That's the actual freedom! Separate from the where-do-I-host-my-git question. There is a big difference between software that "sure technically I can change it since I have access to the source" vs software that's been constructed specifically to be customized and changed.

[1] Permission checks live in obvious places, the template system let me modify UI without touching unrelated code. Someone (many someones) clearly cared a lot about keeping this codebase modifiable by outsiders, and it shows. That's hard to do and should be more celebrated.

I agree with this. Moving the git repo is easy, moving the whole project surface is the hard part.

Issues, releases, CI, docs, security advisories, search and discoverability all tend to get coupled to GitHub over time.

For open-source projects, I like the idea of self-hosted as the source of truth, but still keeping a read-only GitHub mirror so people can actually find it.

GitHub centralizes 2 things: Authentication, as well as Repository Hosting.

Does the code really need to be hosted in a central location like this? (Clearly not, which is why people are leaving GitHub in the first place)

But the one part GitHub provides that's genuinely valuable is the social aspect, and when you get a PR from a user named torvalds you can trust that this is in fact Linus. This isn't the case with more distributed systems.

That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.

This was the original model of launchpad.net, it was supposed to be a hub of Foss that pulled in from the decentralised VCS's, and provide them all via bzr.

But bzr lost the battle, Canonical was slow to adopt Git, lack of investment in the platform, so it was another lunch that got taken from them.

Nobody’s forgetting anything. People want tooling around git bare repos. GitHub was cool because of forks and instant forked repos. That’s how they’ve established their moat.

That "everyone" is just a small, vocal community if you look at the total numbers of repos on GitHub (which is still climbing)[1]

Yes, I understand that people are upset about the Copilot issues and maybe even the "frequent" outages (which usually only affect fringe parts of the site not everyone uses daily)

It's good that there are other solutions (forge, sourcehut, whatever) but most projects are still alive and very well on GitHub and my guess is that this will stay for a while.

Also, personally I have no issues with GitHub training AI on my (badly-coded and bug-ridden) code if they really want to :)

[1] https://www.reddit.com/r/github/comments/1snqyj3/is_there_an...

I think you're forgetting issue tracking and CI.

Is the tooling really centralized around Github? I use TortoiseGit, and that doesn't seem to care which service you are using. Although it does seem to have special authentication features specifically made to help you log in to Github.

> Git is decentralized, GitHub is just another place you can host your code in, but you can push your code to multiple remote servers.

That's precisely what I have been doing for years, I still get to keep one foot in the GitHub ecosystem. I still get most contributions on GitHub, and that's fine by me. When a PR comes it I check it out locally, review it, and when it's done I merge locally to master, push to origin, and then origin pushes to GitHub which then automatically closes the PR and gives the author attribution. I never actually have to interact with GitHub after the initial pull.

I do not mean for this to come across as a nit, but think it's worth stating explicitly:

> Everyone seems to be leaving GitHub

A small minority is leaving Github; this group is more likely to write articles about the choice than those who still use Github.

Everyone knows git is decentralized. What people are searching for is a space for the social component of development such as issue tracking. Being able to reference lines of codes in issues is a killer feature of github. Gitea and gitlab do it too but not as well.

Also "just use multiple remotes" doesn't solve the problem. If you don't trust GitHub you shouldn't be pushing code there to begin with. So the ideal platform for hosting an equivalent platform as Github needs to be a trusted one as well.

I will not put anything on GitHub for a couple of reasons.

1) MSFT is using our free labour to train its AIs.

2) Being Canadian, I do not want any dependence on a US-based company, seeing as the US can no longer be considered a trustworthy ally.

I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.

While that is true, the real power of git being decentralized is that you have a local repo and a remote repo. Typically, you’ll have a dozen local repositories from developers cloning the project

> Everyone seems to be leaving GitHub, and forgetting the entire spirit of what git is in my eyes.

And here lies your misconception: services such as GitHub are really not about git. That's a red herring. It's not about tooling either. People use services such as GitHub because of things like issue management, access control, release management, project pages, and CICD integration. You click on a button and you create a repository that's automatically added to your organization, with all access controls sorted out. You click on a button and you grant read access to someone. You click on a button and you onboard a whole team.

Underneath it all, it's completely irrelevant if you are even using Git. Some people even use github's CLI interface instead. Does it matter if it's git or not? Do you even care?

I have personal projects hosted and mirrored across GitHub, Gitlab, and BitBucket. That works, but only as far as backups are concerned. Even in projects that onboarded onto a third party CICD system, git is really not the reason for picking one service over another.

A lot of the complains in the blog post would still be there, though, even if GitHub was just a mirror (the AI training stuff, the US jurisdiction concerns).

"Git is decentralized"

Because is a kind of filesystem.

How a TEAM operate IS NOT.

And that is the point of Github.

There is no escape to the coordination problem!

(And if you say mails, patches, and other asynchronous ways: same thing, more complex)

github's draw is the community and exposure.

Federations are the worst decentralization model, they're too loosely cooperative.

Thank you for this, GitSocial is a very cool piece of software!

github is a social network. git hosting is just a minor feature. thats why none of these alternatives ever take off .

TIL. Thanks!

Yes -- it's definitely alpha software, but usable for open source. There are interesting experiments like tack[1] to wire in custom CI. I imagine they'll be able to support private repos eventually once ATProto supports private data, but that may take some time.

[1]: https://tangled.org/mitchellh.com/tack

I recently set up my own self-hosted "Knot", but haven't spent much time with other features:

https://tangled.org/h14h.com/knot

Overall, I think the platform looks really promising. The AtProto separation between Personal Data Servers, Relays, and AppViews seems like the appropriate set of trade-offs, IMO.

Being able to host my git repos as a headless, data-only server is about as painless as self-hosting can get. Compared with ActivityPub solutions (like Forgejo), it's great that I get to side-step the tedium of hosting and scaling an entire webapp when all I really care about is controlling my data.

Since the initial setup, the only ops maintenance I've had to do is bump the knot-server version and redeploy (tangled.org displays a banner warning notifying me when it's outdated).

Excited to spend some more time with Tangled on other projects and test out their other features! I'm particularly interested in their native support for jj and stacked PRs.

They just got a big VC funding. There is still no mention about the business model. I really wonder what it will be.

I feel like LLMs will help solve this problem they've created, TBH -- any human expert can tell in seconds when a repo has this problem, so it should be doable by a system that's tweaked over. The tricky part is writing a legal agreement that lets them apply vibe quotas!

This is what Anthropic is already doing with CC, and tbh GitHub and GitLab are probably doing the same. The cost is some hate from devs on Twitter and random small subreddits ofc, but I bet that's well worth it!

OTOH, it does kinda blow my mind how often I see people (on /r/vibecoding and elsewhere) paying for a $200/mo subscription to produce what amount to hobby projects and toy sites. I've been known to make some silly money decisions when I can afford it, but this feels different.

I guess it's a $2400 annual subscription to a service providing Meaning and Purpose? If you're around 40 and realizing that you'll never be rich or famous, this might actually affordable compared to the alternatives!

Just charge for commits per day after a certain number. Problem solved.

I considered Fossil several years ago and while it's really cool (everything being integrated is awesome), I don't like Fossil from a philosophical perspective. There's no way to clean up history, it preserves everything as is. If that's what you want, great, but as part of my git workflow I like to mess around and then go back and clean up and organize my commits before pushing them.

I love fossil. Something about it's opinionated workflow that matches what I think. But

network effects. I just can not bring my team to use fossil. They have to share code with others. Other departments. And everyone (99%+) uses git. It just feels like a disservice to force them to use fossil. It is a catch-22.

It is similar to so many other things in the tech space. Trying to get fellow developers to use functional style idioms. Trying to enforce immutability. It is like something big (like a facebook or google project) has to force the community to get on board.

Website says €30 per seat/month, which is significantly more than Sourcehut and slightly more than GitLab.

Their website is unavailable: https://www.frem.sh/

I think a lot of people within the US don't realize how badly US is seen from the outside, especially from "allies".

Illegal tariffs, threatening tariffs, NATO sabotage, threatening invasion, abandoning Ukraine, supporting Russia. It's not just one guy doing this, he has a whole party behind him that could reel him in any second.

it's about GitHub's issues in general, including outages. every section gets somewhat equal amount of attention

Of course not. It's trendy and a great way to virtue signal right now. GitHub is the target of the latest "go woke, go broke" "decentralization!" cycle. Their recent issues dealing with 30x load just made them a highly visible target.

Just skimming the comments on the internet and you see the same flavor of dumb, false narratives like "everyone is leaving GitHub" "too bad GitHub is in decline".

Meanwhile the vast, vast majority of people using GitHub for "getting shit done", while maybe impacted and unhappy with the outages, are not clamoring to move to Web3.0 forge-bro tech.

You are missing some context. Full quote below.I believe it is just a fancy way to say that the are rebuilding their backend to make it more scalable

>>>5a/ Machine-scale infrastructure.

>>> Others are bolting AI onto platforms built for human-rate commits. Git itself wasn't designed for agent-rate work.

>>> We're rebuilding the underlying infrastructure for machine scale: a generational rebuild of git, the monolith giving way to composable, monetized services with agent-first APIs.

Depending on the government. USA government? Yes, I'd trust that even less than Microsoft. Most EU governments? I'd trust a hell of a lot more. Especially my own (Estonian).

Microsoft did that for a lot longer than I expected honestly. Historically they would take a year or so before giving up on the "you're an independent company" bit and merge the team into MS orgs.

GitHub pulled it off for 5ish years before that began to change, and it was only last year when they stopped having their own "CEO".

They make it rather easy by providing an audio pronunciation: https://forgejo.org/static/forgejo.mp4

With my American accent, I don't quite say it exactly like the recording, but pretty close: "for-JAY-oh"

Apparently it's pronounced (phonetically) as for-JAY-oh, an audio sample is here: https://forgejo.org/faq/

You piqued my curiosity :)

edit: Ah, I was beaten to the punch :(

> I'd be more curious as to why people are staying on GitHub

Vanity metrics.

GitHub initially tried to shy away from this, I remember conversations with early GitHub engineers trying to make sure "Stars" and "Followers" numbers were going into the direction of being just for vanity and popularity.

Then eventually the profile READMEs appeared, which people now use for showing even more vanity metrics and brag about how much code they can produce in how little days.

Since employers also ask you for a GitHub profile, it ends up being needed for new developers to make an entry into the industry, without it companies will basically ignore you. Unless you're really, really good, which to be honest, most of us aren't.

Wasn't gitea a fork of forgejo?

How much utilization do you have? For low scale, it's hard to beat GitHub Actions as they offer free runners for public repos and include a bunch of free hours for private repos.

Once you start paying for it, GitHub Actions runners are very expensive. I've used both Jenkins and GitLab before to self-host CI/CD, and you save so much using on-demand (or at higher scale, reserved) cloud instances. I do freelance DevOps work and I've helped clients with these sorts of challenges.

Can you push from Forgejo to GitHub for actions until you can find a replacement?

Use gitea which has github actions compatibility.

CircleCI?

Probably the mirror? I have zero problems like that on my Forgejo Pi setup. I am not mirroring

A couple of valid reasons:

+ they don’t want to pay the bandwidth costs

+ they don’t want to help train a model that might ultimately put them out of work.

I don’t personally agree that AI are taking out jobs, but I do think it’s still a reasonable concern others have so I would sympathise if that were the rationale.

Doesn't seem inconsistent to me. I may want my code to be open source so that other humans can read it, understand it, build on it, and contribute to it.

I may also have a philosophical opposition to generative AI at the same time - there are plenty of environmental, societal, and intellectual-property costs that some may find unconscionable.

It's kind of breaking the social contract. Licences were drafted, conferences were held, and endless flamewars tried to codify what it means to collaboratively build, distribute, own and use open software.

Then came the model trainers, ignoring the entire discourse, reasoning: "if I can download it, it's mine too use". And then basically selling the resulting tech back to the community.

Not unlike big tech extracting money from open source, but at least the latter usually (somewhat maliciously) complied with the license.

Why would someone volunteer at a soup kitchen but not want to donate free labor to the canning factory? I'm pretty sure you know the answer to both questions.

Consider a couple similar situations:

1. Many teachers don't publish, and those that do publish often still reserve their best for their students.

2. OS development sometimes operates like esoteric societies: you publish enough that people with the desire and insight become interested and engaged - both a filter and an invitation. So you can tailor the community you like.

Both depend on people really valuing these mutually-constitutive relationships.

My observation is that the generations raised on social media and gaming are happy enough with those substitutes, and view publishing their best work as a kind of self-promotion and participation in a larger, diffuse community (without a real role in governance). And they're right: expecting more personal communities now is a severely limiting factor, and AI removes most of the incentives to participate in someone else's project.

Open source is not necessarily about helping any programmer, for any endeavor. Actually, my code targets the end users, not fellow programmers.

I don't want my code to be used to build proprietary software. I want code built on top of mine to respect its users. I choose the AGPL for this reason.

I also don't mind the attribution.

The LLMs don't care about all that, and do that by hogging the resources, y creating a lot of waste and pollution and disrupting society for unclear benefits. No thanks.

When AI respects my license, sure.

> Open Source and the OSI are an industry plant. Look at who sponsors it.

This is ignorant to the history of Open Source software. Software has been open long before it was subsidized by large corporations.

"Computer software was created in the early half of the 20th century.[2][3][4] In the 1950s and into the 1960s, almost all softwares were produced by academics and corporate researchers working in collaboration,[5] often shared as public-domain software." https://en.wikipedia.org/wiki/History_of_free_and_open-sourc...

One problem with all of these licenses is that however the code is available, we can’t practically prevent the LLM companies from training on it (especially given that they don’t respect IP laws anyway). No idea what to do about this. Wonder if communities will have to move to some kind of fractured system where source is gated behind a login.

Rough times out there for transparent organizations.

Why can't others just be "Others I disagree with"? Why it has to be some grand conspiracy?

I'm all for open source, most of what I do is released as MIT, almost never "Free Software", still doing the same thing since LLMs appeared, regardless of everything else.

I'm a real person, have nothing to do with OSI but willing to explain my position, as long as you take it as real opinions held by a real person, instead of going into conspiracy theory land. Ask me anything, I'll give you my honest perspective.

When you come into a convo saying even Stallman isn't extreme enough, it's probably a good time to take a step back and evaluate your life.

I find non-commercial licenses too extreme. People selling your free software or using it in a commercial way so long as they respect the license is a good thing

My ponit was not against self-hosting.

It was more about the symbolism. If the goal is decentralization, “I moved to a personal forge I control” is the post's core idea. But framing it as “leaving GitHub for Forgejo” inevitably creates a new flag to gather around.

That may be useful and even necessary, but it also shows that decentralization movements often produce new centers, names, and identities.

I did read it. What I meant is that trying to isolate oneself using alternative platforms often looks like chasing a new trend. The ultimate irony is that the sheer complexity of the author's setup—KVMs, weekly rebuilds, isolated networks—is exactly the kind of burdensome infrastructure people were running away from in the first place. To clarify, my point was that specifically mentioning 'Forgejo'rather than just a generic personal 'home server'makes it come across as acting like a trendsetter

What's the portability blocker with git? It's pretty easy to pull your repo and clone it to a new server, and you keep your history and everything I thought.

It could be a strategy, or it could be a sense of ethics. And your point makes sense, and I also agree with you. The first part of your comment is a bit harsh, but if you soften your reply a bit, it matches my thoughts. I'm giving you an upvote because I agree with your idea.

Hey thanks for the answer and link to docs. I don’t use tailscale, it’s running in a NUC, accessible with wireguard for now. (Docker + 4 runners)

I try to keep things simple in the homelab and thinking only using fail2ban and caddy reverse proxy and expose it.

Package registry isn’t private by default and accessible with PAT. Or am I mistaken?

I'm one of the project leads of Gitea (and am paid for some of my work on Gitea), and here are some more details around the specific incident you are talking about: We were alerted to an issue, and investigated provided a patch, and then waited until the end of the embargo to release the next version with the fix. It turns out they had sent a follow up after our response to them that, due to their usage of an email relay that gets blocked for spam often, went into the spam box for all of the maintainers on the security team (across multiple mail providers). We informed them of this and they still haven't corrected the record on their blog post. This is after previously giving us 10 and 2 day "embargoes" on "severe" issues and a multi-hundred line patch that rewrote core portions of the codebase and introduced issues in itself, we notified them of this and provided them with out patch. In our interactions with them we have also followed our documented approach, that we have followed with codeberg previously (that we were thanked and applauded), but they have changed their stance and claimed we are now acting improperly (and when we asked for how we could adjust our approach to something that works for their adjusted expectations we never received a response, even after receiving multiple emails from multiple non-company maintainers and even messages in multiple chatrooms).

Disclaimer: I was also previously an elected member of Codeberg's board (presidium), where before the company that was founded to support Gitea's community maintainers was created, I had asked for assistance with multiple matters to aid in project development and was denied.

Note that Gitea has embraced AI code, and Forgejo refuses it - if that's a criterion for you.

Nothing special. I am aware of the discussions for so long. I mostly spend my time making music with modular synths and migration to forgejo is not a priority right now, I don’t want to touch the setup. If you’re on forgejo I don’t think there’s any reason to try the gitea.

As someone who uses gitea, honestly it’s because I set it up a while ago and foregjo hasn’t offered anything compelling to force a switch, nor has gitea “enshittified” like the concerns around the fork raised.

Honestly, stay where you are

Did you use some sort of intrusion prevention system? I'm using cloudflare's anti ddos service + crowdsec, but I'm still getting bombarded with hundreds of thousands of requests per month

I’ve had my eye on this platform. Generally like their design and ethos too. However I find their code viewer/navigation a little hard for my eye. But maybe I’m just too used to GitHub.

No one notices the part about private repos and access control...

Oh if you don't do the web interface thing you can just git init and set up a few ssh keys or fcgiwrap.

I'd pay a bit so I don't have to back it up. But not 20 per friend who might make a commit next year.

Just like pikapods supports running things like actual budget for you - https://actualbudget.org/docs/install/pikapods

Something similar from them or digital ocean or linode or Hetzner would be a win.

Pika does offer Forgejo and Gitea.

I pay DigitalOcean $6/mo for a VM that started out as just that - a bare repo and ssh. If it was available at the time, I'd probably have paid $10 for the same if I didn't have to set up and administer the thing. I lost interest in administrating web servers in the early Apache 2.0 days so a private "mini-githib" would be tempting.

(I use that VM as my primary public nameserver now and I don't really need a web front end for git so I'll be keeping my current setup. But if it had been available back then, I'd probably have gone for it.)

Which licensing?