this post was submitted on 18 Jul 2024
91 points (93.3% liked)

Open Source

31165 readers
117 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I've been on Codeberg for over a year now and the experience has been great. It has been around for a while, it's fast, thanks to Forgejo, the self-hostable open-source software that Codeberg uses, which also offers great features.

However, it lacks a good CI/CD system. I feel like Woodpecker (the CI/CD system Codeberg uses) can't do more complex things. Forgejo/Gitea have their own CI/CD system which is better, but Codeberg still uses Woodpecker.

But other than that, why isn't Codeberg more widely adopted? Even privacy advocates continue to use GitHub, despite its acquisition by Microsoft. I agree with the sentiment that GitHub has a large user base, and its widespread adoption is undeniable, but I still think more people should try Codeberg or even self-host their own Forgejo/Gitea instances.

So, I'm curious to hear your perspective. What are the reasons that keep you tied to GitHub? Do the features and network outweigh the privacy concerns? Are there specific functionalities that you rely on and haven't found elsewhere?

you are viewing a single comment's thread
view the rest of the comments
[–] PlexSheep@infosec.pub 4 points 3 months ago (1 children)

Why exactly would it not be ok with the gdpr? I can't think of anything right now. Having a few diverse isn't really a new idea, it's basically the www all over again and mastodon and lemmy &Co exist already.

Or are you referring to registering CI workers? That might be a bit of a problem, yeah, as you're basically giving the git hoster remote code execution (on a docker container). Not really a problem if you host your own of course.

[–] refalo@programming.dev 3 points 3 months ago (1 children)

For one there's no incentive for individuals running an instance to care about compliance in the first place, regardless of the actual issues at play. One obvious issue that comes to mind is the right to be forgotten. FOSS software can be easily modified and if servers don't comply with such requests properly then your rights are being violated and good luck doing anything useful about it.

[–] AustralianSimon@lemmy.world -1 points 3 months ago* (last edited 1 month ago) (1 children)
[–] tyler@programming.dev 2 points 3 months ago (1 children)

It does. It applies to any service that has a single EU user. And that doesn’t mean someone in the EU. It means an EU citizen, even if they are living abroad.

[–] AustralianSimon@lemmy.world 2 points 3 months ago* (last edited 1 month ago) (1 children)
[–] tyler@programming.dev 1 points 3 months ago (2 children)

Anyone who ever hopes to actually move or operate in the EU will be forced to comply. So an instance owner in the fediverse might operate their instance out of the US. Then the US enacts some law to force handing over user data. The server owner wants to move (themselves or the server) to the EU. Well, they’re now fucked.

Or if an instance owner wants to sell something on the site, guess you’re not selling to 50% of your users.

[–] AustralianSimon@lemmy.world 2 points 3 months ago* (last edited 1 month ago)
[–] chebra@mstdn.io 0 points 3 months ago (1 children)

@tyler @AustralianSimon

GDPR applies only to people (even non-EU citizens) who "live" on the territory of EU. EU citizens who leave, don't have the GDPR protection anymore. There was an affair last year when google started notifying people about transferring their account data to non-EU datacenters after it detected them connecting from a foreign IP when they went for a holiday to Thailand for a month. So clearly you have some misunderstandings of GDPR. Also GDPR prevents selling stuff??

[–] tyler@programming.dev 0 points 3 months ago (2 children)

That is incorrect. I implemented GDPR for a finance company whose lawyers are contracted to companies like Google to fix their legal mistakes so I trust the lawyers at that company far more than I trust Google’s. That affair you’re describing could easily be taken to court as they are failing to uphold gdpr.

And you can easily go look up the law yourself. https://www.compliancejunction.com/gdpr-frequently-asked-questions/

Does GDPR Apply to EU Citizens Living Abroad?

GDPR protects the personal data and the rights of data subjects as long as they are EU citizens, no matter where they are living.

[–] chebra@mstdn.io 0 points 3 months ago (1 children)

@tyler Well, they are doing it: https://piunikaweb.com/2021/04/24/google-emails-about-change-of-country-of-association-issue-escalated/ When I followed the steps and wanted to set my country back to Europe, they responded "After reviewing your account, we think your current country association is accurate and we didn't change anything." (keeping the wrong one, non-EU country). Note Google LLC is in USA, Google Ireland Limited is in EU https://policies.google.com/faq#associated-country

[–] AustralianSimon@lemmy.world 0 points 3 months ago* (last edited 1 month ago) (1 children)
[–] tyler@programming.dev 0 points 3 months ago (1 children)

I'm gonna go ahead and say that the lawyers I implemented it for understand it a lot better than you (and yes even Google's lawyers).

If not in the EU, this doesn’t impact a business not planning to operate there.

it does if you ever will operate there though. Many many companies eventually need to do business in the EU. So not following GDPR is just asking to never be allowed to operate there ever. Fine for local newspapers, not fine for a finance company that eventually needs to do business across national boundaries.

[–] AustralianSimon@lemmy.world 0 points 3 months ago* (last edited 1 month ago) (1 children)
[–] tyler@programming.dev 0 points 3 months ago

Most people aren’t companies. I’m guessing you’ve never run a company. You want to keep options open, for so many reasons.