Mirroring/Moving away from github - Bisqubutor's github account was banned possibly because he uses tor #1302
Comments
|
Mirroring pure git tree is simple, I could even host some public server for that. Issues and PRs are bigger problem, need to go through GitHub API, probably there are some ready to use tools for that. |
|
It seems like any open source project should have the same problem. I wonder if there's a blog post somewhere describing a standard way of doing it. I think I remember reading that Bisq has mirrors its issues and PRs. |
|
@kristapsk @chris-belcher time to build a decentralized p2p GitHub alternative over Lightning Network :) |
|
@RiccardoMasutti Not sure Lightning Network is required. Could something like nostr be useful here (haven't looked much into details there yet)? |
It was half-joke, since nowadays everyone is building on LN :) |
If you are reading this bisqubutor, thanks for that :)
Thanks for those references @chris-belcher I have also looked briefly at gitlab and gitea before. They seem at least plausible, but: I guess we have to consider self-hosting (I'm looking at https://about.gitlab.com/handbook/marketing/strategic-marketing/dot-com-vs-self-managed/). gitlab is a company; I see no reason to believe they'd be different from github if we didn't use self-hosted (of course, temporarily they could be). This chart is interesting (though given the source it is probably biased): https://docs.gitea.io/en-us/comparison/ Is gitea is a self-hosted only thing? Also, we're going to struggle to get contributors signing up to and/or using something new, although to be fair, it has always been hard to have more than a very few active contributors. I'm reluctantly somewhat reluctant to change the github thing for now, but I could definitely be persuaded. It needs someone to do the work to manage the new setup (and be reliable). |
|
I really like Github and don't see the point to move just to some other centralized solution with high probability of same problems. But we should look into ways how to backup issue / PR stuff from Github somewhere / somehow. Having truly decentralized alternative to github would be cool. but I don't think there is one right now. |
|
Gitea is self-hosted, but they're working on federation features so it could be a good option once they've got that working. It's very lightweight and I'd be happy to contribute some resources to running a federated instance. Medium term, mirroring github to gitea looks reasonably easy to automate. I suspect motivated contributors wouldn't be put off by another platform, but I'm unsure about more casual users. How much trust and discoverability does Github offer compared to an unknown third party site.... |
That seems to be mirroring only git part, not issues and pull requests. You can do that with plain git and some simple shell script, don't even need gitea. |
|
Some decentralised alternatives are mentioned here: https://github.com/bitcoin-core/bitcoin-devwiki/wiki/GitHub-alternatives-for-Bitcoin-Core#decentralized @fiatjaf could build something using nostr in future All bitcoin projects should move to alternatives IMO that works without problems particularly privacy projects |
|
Some thoughts and trying to summarize what's been mentioned so far:
|
|
Something maybe worth looking at too was mentioned on Twitter:
Although nostr README explictly mentions Secure Scuttlebutt, main advantage of nostr over Secure Scuttlebutt being simplicity. |
|
We are in a similar situation, along with having to replicate proxies / mirroring package registries (go modules / npm). Can vouch for sourcehut: its great service, really though you should consider the mailing list and submit fix via patch (email) which is native to git and easily done via sourcehut. This will give you a worst case failover in case total compromise occurs. FWIW we are moving to a self hosted Gerrit instance on bare metal. If your interested can make it open source under permissive license. Godspeed, and there are more with you than you know. |
|
Transcript by @kanzure related to topic - Strategies for migrating Bitcoin Core off GitHub. |
|
Here's some developments with git + nostr by @jb55. https://twitter.com/jb55/status/1595515096184532992 |
|
This looks promising, bug tracking with pure git - https://github.com/MichaelMure/git-bug. |
|
It looks there is now 1.2 BTC bounty by Jack Dorsey to develop nostr-based GitHub replacement.
|
|
Related - Censorship-resistant open source on Nostr. |
Another option could be setting up a self-hosted gitlab server. But they could try to change the license to not allow TOR hosting - which then could still use the last version with the unrestricted license. https://www.howtogeek.com/devops/how-to-set-up-a-personal-gitlab-server/ |
|
Related NIP: nostr-protocol/nips#223 |
|
Jack Dorsey just annonced he's raising his bounty for this from 1.2 BTC to 10 BTC. https://iris.to/post/note17gfm0k0ssw4qctpge32dp3nulu975mjpdl9nqmrs78msp622d90qvdral4 |
|
It looks there is some project working in that direction - https://github.com/NostrGit/NostrGit. |
I've also started working on https://github.com/akhavr/nostrya Hopefully will have something working "in two weeks" (tm) |
|
Two projects probably worth looking at:
From this Nostr thread - https://iris.to/note1r2nahye9mekplptvc2xaptm07kyz0l4adq545ynewqgz2wdm065qwncl7d. |
|
Probably useful tool - https://github.com/josegonzalez/python-github-backup . |
and others
bisqubutor recently came on the IRC channel and told us about how his github account got deleted/banned.
The logs are here (https://gnusha.org/joinmarket/2022-06-07.log) but I'll copypaste the relevant parts:
Regardless of whether this is an accident on github's part, or intentional exclusion of Tor users, it's still an alarming reminder that we need to do something about our vulnerability to github. We need some kind of mirror or scraper that saves our issues, PRs, comments and git tree so that we can easily recover if the worst happens with github. As a project based on privacy we really need to support Tor users.
laanwj runs a tor hidden service that mirrors many bitcoin-related git repositories: https://twitter.com/orionwl/status/1155058225299042304
jb55 also hosts his own git server https://bitcoinhackers.org/@jb55/105698471194587682
Options we could use are bitbucket, gitlab or https://gitea.com/
The text was updated successfully, but these errors were encountered: