We need something like Forgejo, but decentralized, like Lemmy. I don’t want to create a new account for every Forgejo instance, just to be able to report a bug…
Forgejo is in fact working on being decentralized, just like the underlying git structure is. There are some first federation things in there, but the full implementation is still pretty far out.
Yeah, that was my point in the first comment… But not only that…
The development with multiple people is decentralized, yes…
But even, if I add 3 remotes to my repo (1 to GitHub, 1 to Forgejo instance A and 1 to Forgejo instance B), guess what happens, if you don’t have an account on each of these… Try pushing code or making a pull request and see how it fails, because you are not authenticated…
SourceHut encourages an e-mail based workflow that does not require anyone but the repository owner to have an account. In fact, that’s how Git originally worked before GitHub enshittified it.
You know, git initially was that kind of thing where people would send diff commits on mailing lists. Git is perfectly decentralized already. And there’s no need for federation.
Forgejo is already decentralized too. You could host your own instance right now, if you’d want.
There is no command git issue create [hostname][title][description] and if there was such a command, it’d require authentication on the specific instance to prevent spam.
You still need to create an account on each Forgejo instance to report a bug there…
And even, if you commit code or make a pull request… Git might be decentralized (you can develop with your friend independently from each other and merge it), but try to commit code to a GitHub project, GitLab instance or Forgejo instance without having an account there to authenticate yourself… It won’t work.
I do, what I don’t know is how Forgejo works. Doesn’t having to make an account for every project mean it’s already decentraliced, but just doesn’t communicate between instances?
I think that’s bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it’s on a blockchain aka on thousands/millions of computers already (you can’t).
Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.
Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc
that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.
the only solution to mitigate such a mistake is to 1) invalidate the token
2) remove the commit
We need something like Forgejo, but decentralized, like Lemmy. I don’t want to create a new account for every Forgejo instance, just to be able to report a bug…
Forgejo is in fact working on being decentralized, just like the underlying git structure is. There are some first federation things in there, but the full implementation is still pretty far out.
Federation is on their roadmap
https://forgejo.org/faq/#is-there-a-roadmap-for-forgejo
if you are looking for decentralised vcs you can try radicle, I tried a while ago pretty good. FYI Forgejo supports mastodon login
That’s interesting. Did not even know, Mastodon supported doing something like this…
There is still a difference: There is no profile in the end. I might create 2 bug reports, bit they won’t be linked to each other.
Git is already decentralized, nothing is stopping you from adding multiple remotes to your repo.
The issue tracker is usually the concern
Yeah, that was my point in the first comment… But not only that…
The development with multiple people is decentralized, yes…
But even, if I add 3 remotes to my repo (1 to GitHub, 1 to Forgejo instance A and 1 to Forgejo instance B), guess what happens, if you don’t have an account on each of these… Try pushing code or making a pull request and see how it fails, because you are not authenticated…
SourceHut encourages an e-mail based workflow that does not require anyone but the repository owner to have an account. In fact, that’s how Git originally worked before GitHub enshittified it.
You know, git initially was that kind of thing where people would send diff commits on mailing lists. Git is perfectly decentralized already. And there’s no need for federation.
Forgejo is already decentralized too. You could host your own instance right now, if you’d want.
Have you heard of … Git?
:-)
There is no command
git issue create [hostname] [title] [description]and if there was such a command, it’d require authentication on the specific instance to prevent spam.You still need to create an account on each Forgejo instance to report a bug there…
And even, if you commit code or make a pull request… Git might be decentralized (you can develop with your friend independently from each other and merge it), but try to commit code to a GitHub project, GitLab instance or Forgejo instance without having an account there to authenticate yourself… It won’t work.
You mean git inherently requires you to identify yourself?
Huh, shock
git identification has nothing to do with authentication, as any sane person with git experience knows
There is this, havent tried
https://radicle.xyz/
Wouldn’t it be the other way around, having someone centralized so with one account you can report bugs in any public project?
Do you know how lemmy works?
I do, what I don’t know is how Forgejo works. Doesn’t having to make an account for every project mean it’s already decentraliced, but just doesn’t communicate between instances?
I think that’s bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it’s on a blockchain aka on thousands/millions of computers already (you can’t).
If you push a secret key you should definitely generate a new one. Way to many bots out there that scan new commits for exactly that reason
Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.
Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc
Obviously you go and change the key instead?
that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.
the only solution to mitigate such a mistake is to
1) invalidate the token
2) remove the commit
In that order.
You are correct in principle, but Lemmy isn’t on a blockchain. It’s much less permanent.