Why are FOSS projects using proprietary, privacy-invasive infrastructure?
As you can easily notice, today many open source projects are using some services that are… sus.
For example, GitHub is the most popular place to store your project code, and we all know who owns it. And not to forget that sketchy AI training on every line of your code. Don't we have alternatives? Oh, yes we have. GitLab, Codeberg, NotABug, etc. You can even host your own Gitea or Forgejo instance if you want.
Also, Crowdin is very popular for software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have the FLOSS Weblate, which you can easily self-host or use through public instances.
So, my question is: if you are building a FLOSS / privacy-related project, why use proprietary and privacy-invasive tools?
A lot of people use GitHub because it's easy to use and popular. Not everyone wants to self-host, although it would be nice if the larger projects did. What I really hate is when open source projects use something like Discord for support.
Small projects tend to not want to spin up infrastructure, but on GitHub you know your code will still be there 10 years later after you disappear. The same cannot be said of my Cogs instance and whatever was on it.
And overall, GitHub has been pretty good to users. No ads, free, pretty speedy, and a huge community of users that already have an account where they can just PR your repo. Nobody wants to make an account on some random dude's instance just to open a PR.
Using GitHub as an example, choosing any alternative (as a small project) will reduce the amount of contributions and will make the project less discoverable. Especially if you consider projects where the technical barrier for contribution is lower, it is much more likely for a potential contributor to have an account on a "mainstream" platform.
Because most OSS maintainers are more afraid of their work disappearing due to service shutdowns than they are of being profiled by data miners.
Everyone has seen some example of a tool or resource hosted on a person's private server end up taken down because they couldn't afford it, the ISP or university stopped offering hosting, or because they simply couldn't keep doing it due to death or old age.
That’s what people who create software are afraid of. The loss of that creation, not the loss of the privacy of people who contribute to it or download it.
I see GitHub as a mere tool. Just as I could use a proprietary operating system like Windows on my development computer, I can use GitHub to distribute the code. It doesn't have that severe a consequence for the open source project itself and works well. And it's relatively transparent. Users can view issues etc. without submitting to Microsoft. And it's been the standard for quite some time.
I'm far more concerned with FLOSS projects using platforms like Discord, which force their users to surrender their privacy and which actively contribute to the enshittification of the internet. I wouldn't want to be part of that.
Codeberg is relatively new, GitLab sucks, I've never heard of NotABug. That's why. People want their open source projects to be found and contributed to, so using what's the most popular makes sense. Although I do love Codeberg and I'm glad it's being worked on so well.
Well, keeping an infrastructure like GitHub is very expensive. Other solutions like GitLab are no real solution, as GitLab itself is also not completely FOSS. Codeberg is a relatively new kid on the block, and sustainability in the long term is still not proven. Gitea/Forgejo requires you to self-host your repositories, and that's something not everybody can afford/take the time to do.
So, we have a situation of a de facto standard, where one company took the space and constituted a monopoly, forcing the users to use it or be invisible otherwise.
So, there you have the reason: visibility in a market dominated by just one actor.
How to fight this situation? There is not much we can do as individuals; a partial solution is to use a FOSS solution and then mirror on GitHub for visibility. Of course this is limited, as individual solutions won't change collective problems, but FOSS groups doing the same are no longer individuals but communities, so with time we may have a way to get out...
Not only do FOSS projects use GitHub and other proprietary hosts, in many cases they even contain APIs of Google, M$, Amazon, Fakebook & co., APIs also offered as FOSS by the Big Brothers. Since these companies have entered the world of OpenSource, what was previously considered free software is becoming more and more perverted.
It's ridiculous: when I want to use an OpenSource service where an account is necessary, most of the time a window appears with the kind offer to log in with a Google or Facebook account, or the service sends data to googleanalytics, googletagmanager and Alphabet, as occurs with an account at Mozilla.
Time to update and redefine what free software should be.
Having free and open source software is not enough for some people. The dev needs to publish it on a FOSS platform, use a FOSS operating system, a FOSS IDE, have mild political views. Free, quality and highly maintained software is not good enough these days. /s
Maybe an unpopular opinion, but why would you care about how privacy invasive GitHub is? Your code is open-source anyways, so MSFT can steal it wherever you host it. And if they haven't changed it, you're able to sign up with just an email and a pseudonym. It's not a social network where you have to post private information for it to be useful; you can, and most people do, use it pretty anonymously.
So I never understand the outrage about GitHub and MSFT. Git is distributed anyway, the only thing that can be lost are issues and pull request histories. If they fuck up, everyone can just move. Now GitHub Actions, that is a clever thing for binding users...
I am also thinking of starting an open source project, and honestly, will do it on GitHub, because so far, GitHub does not require microphone or location access, yadayada... And the AI thing would happen anyway. Do you think Google has not used GitHub repos for training Gemini?
I am very interested in syncing the repo with a federated git server, but from what I am reading Codeberg/Forgejo still don't have federation working?
I run a few reasonably popular FOSS projects, and basically the reason I use non-free infrastructure where I do is that my users prefer I use that. I love open source, and I love privacy centric services, but not everyone does, and for open source projects, having (and enabling the most) community involvement is more important than privacy centric toolsets.
In a perfect world, I could self host my own code forge and support forum, and everyone would be willing and able to use it, but we don’t live in a perfect world, and I can’t do that yet. If we keep working toward it, I believe it will happen, but it’s just not ready yet.