4w ago

GitLab abandons federation plans!

Support ActivityPub for GitLab (#11247) · Epics · Epics · GitLab.org · GitLab

After 5 years of foot-dragging they finally close the ticket to community protest:

This feature request is being closed as our current focus isn't in this area.

We appreciate your input and contribution to improving our product. While this feature may have merit, we need to prioritize our efforts elsewhere at this time.

If you'd like to provide additional context about why this feature is important, please feel free to leave a comment on this issue. This will help us better evaluate the feature if we revisit this area in the future.

Thank you for your understanding and continued support in helping us build a better product.

Che succede nel Fediverso? @feddit.it

Poliverso @feddit.it

4w ago

Gitlab ha abbandonato il suo epico intento di integrare ActivityPub: e le persone non l'hanno presa benissimo

gitlab.com /groups/gitlab-org/-/epics/11247

Che succede nel Fediverso? @feddit.it

Poliverso @feddit.it

4w ago

Gitlab ha abbandonato il suo epico intento di integrare ActivityPub: e le persone non l'hanno presa benissimo

gitlab.com /groups/gitlab-org/-/epics/11247

Opensource @programming.dev

onlinepersona @programming.dev

4w ago

Gitlab closed their epic for ActivityPub Integration - people aren't happy

gitlab.com /groups/gitlab-org/-/epics/11247

38 comments

For those who were out of the loop:
What exactly is the idea of federated gitlab? Git is already inherently distributed and automagically mirroring to other remotes is generally like three lines in any CI syntax (and there is probably a precommit hook for it too).
Also: I can see a LOT of security issues with not having a centralized source of truth on what the commit hashes should be and so forth. is fedgit dot zip the source of truth for this app or fedgit dot ml or fedgit dot ca? Theoretically that is where signing comes into play but that gets back to: What advantage does a "fediverse" frontend have?
- I think the federation was more about interacting with other instances. Like creating issues and pull-requests without needing to create a new account for every instance.
  I think this would be useful, as reporting bugs on GitLabs can be annoying if you have to create an account first.
  
  As one of the core contributors for even a moderately sized project on Github: HELL NO.
  We already get more than enough drive by spam from everyone who just makes an account to complain that our code doesn't do something we never said it did. And if they don't even have to do that? Ugh.
  I do firmly believe that more projects need to understand the implications of where they host something (similar to the IOS app that alerts you if ICE is in your area). But if someone can't be bothered to even use a throaway protonmail address to file a bug report or feature request? Quite frankly, what they have to say wouldn't have been worth our limited time anyway.
- What advantage does a “fediverse” frontend have?
  Github's dominance comes from the network effects. Everyone's on github, so if you have your project on a different repo, you won't get as many visibility. If your project is on gitlab only and someone wants to report a bug, they need to:
  Find your instance.
  Create an account.
  Deal with an unfamiliar interface
  Create the ticket
  Hope it gets seen.
  Potentially forget about it, unless they set up notifications.
  A Federated forge solves all of that.
  You follow remote projects without having to create an account in the remote instance.
  You open an issue on the remote forge without having to open in an account in the remote instance, and you do it from your local server.
  If you have a PR ready, the remote instance gets notified.
  It makes a lot easier to separate CI/CD from source management.
  It makes a lot easier to separate source management from issue tracking.
  etc
  etc
  etc
- I always assumed it was more or less targeting the federation of issues/MRs.
  The git side of things is already distributed as you said, but if you decide to host your random project on your own GitLab instance you'll miss out on people submitting issues/MRs because they won't want to sign up for an account on your random instance (or sign in with another IdP).
  This is where a lot of the reliance of GitHub comes from, in my opinion.
  
  This is where a lot of the reliance of GitHub comes from, in my opinion.
  100% agree with you here.
  
  Couldnt this be done with email reminders and single sign on?
  
  People could just submit issues by e-mail, tbh.
  I have most of my projects on either notabug or chiselapp (Fosil, not Git) and to this day I get e-mails asking for stuff or notifying about issues, so it's not like the "social" / "Hub" aspect of "GitHub" is needed.
- Every GitLab instance requires you to have an account there to comment and submit PRs. Projects are often hosted on different instances.
- Git is already inherently distributed and automagically mirroring to other remotes is generally like three lines in any CI syntax (and there is probably a precommit hook for it too).
  Git is, but what about everything else? When you clone a project on gitlab or github, does it come with all the issues, discussions, MRs, and so on?
  I can see a LOT of security issues with not having a centralized source of truth on what the commit hashes should be and so forth.
  That's what signed commits are for. Also, pull/merge requests and issues are sent to the origin instance, just like in the fediverse. Like now, you made a comment on a post on Fediverse@lemmy.world through your instance lemmy.zip. The same would happen with your comments, pull/merge requests, issue reports, and so on. There's no need for a "central authority".
  Anti Commercial-AI license
  
  Partially addressed in the other branch but:
  Issues from people who can't even be bothered to make a burner account are almost never useful. And issue tracking that is not fed directly to passionate people who care about maintaining a project is worse than worthless.
  That’s what signed commits are for
  Then it is a good thing I addressed the existence of those. And... those also more or less need a semi-centralized source of truth that is independent of gitlab/hub/whatever.
  Also, pull/merge requests and issues are sent to the origin instance, just like in the fediverse
  So everything would still happen on the single source of truth for an a project? But you can have an account on whatever service you want?
  Homie? You just described oauth.
That sucks majorly, I knew GitLab isn't our friend, but to plain dismiss a development effort that didn't even come from their own employees is just spitting in our face.
Forgejo federation can't come any sooner ✊
Damn, that's incredibly disappointing...
I use forgejo and it's expected to have federation eventually, but it would've been amazing for gitlab to have AP support. Hopefully in the future it might be picked up again.
- It annoys me that we have on one atproto, but there's no fediverse one.
  
  It's cool af (i don't know much abt atproto, but my friend who knows much more about the technical stuff of fedi/matrix/etc likes it more than AP :shrug:) but i wouldn't trust my sensitive repos with it for now. But i guess its the best we have right now :c
- Oh noo; forgejo is still not connected? I had high hopes. What's the timeline?
  (Honestly, but for the wonky CI spec language I may have switched already)
  
  I'm not sure, it hasn't been announced. They're waiting for forgefed to finish being developed until they implement federation
This was literally the only reason I had any potential interest in GitLab. What a joke. 😠
It's hard for me to imagine how this benefits a for-profit company, and probably requires significant resource dedication so it's not surprising.
- Company A permits federation of project 2 with contractor B who agrees. Oh look! No need to add 21 people to your AD. Contract done? De-fed.
  Google feds with GH for AOSP dev, because it's 2023. Users don't need to even know where the repo is hosted or whether the real meat is another hop inside.
  Company "BCFerries", an imaginary organization, happens to run the largest fleet of mobile DCs in the country, with each mobile DC being 6 HA racks, three on a side, dehumidifiers o-plenty. Engineers stationed aboard need to lob tickets and hot fixes on the go, and sub them for review when the mobile DCs get a good link, 30 min out of every 2 hours. Roaming 2/2/2tb node swaps spit with the stationary nodes when it smells the VPN, and then gets ready to go again.
  Repeat that above, but say 'Maersk'. I'm betting evergreen/evergiven is on VSS.
  Enough examples?
  Running a federated GL is conceivably a set-it-and-forget-it like a lot of federated stuff already is, and you debug the glitches and patch like normal.
  Given the 5GLs I still run were all installed by VMware/terraform/chef/RPM, patched automatically with package promotion and watched for anomalies, it's already negligible effort. Double nothing is ...let's see ..carry the 0 ...integrate the square ...nothing.
  
  I don't understand anything you just said.
Awww :(
https://forgejo.fediverse.observer/list
Git itself is a distributed VCS...
- Tha is true, but the social aspect of sharing and following projects does not itself have distributed protocol. This is were AP makes sense.
Does anyone know if there is another federated version of GitLab/GitHub? That’s something I wouldn’t absolutely switch to.
- ForgeJo
I love that this thread is filled with opinions of people who have no clear idea of what a federated gitlab does or looks like and yet still believes that federation is the only answer just "because".

38 comments