✨ Feature Suggestion | Gitlab mirroring #742

New Issue

jonah · 2019-01-26T02:39:07Z

pdjpdjpdj commented

2019-01-26 02:39:07 +00:00

(Migrated from github.com)

Description:

In these days and certainly for this project certainly a backup on another public git repository hoster is imho recommended. I was thinking of GitLab using anyone experience with it?

## Description: In these days and certainly for this project certainly a backup on another public git repository hoster is imho recommended. I was thinking of GitLab using [anyone experience with it](https://github.com/samrocketman/gitlab-mirrors)?

👍 2

pdjpdjpdj commented

2019-02-09 13:17:44 +00:00

(Migrated from github.com)

Anyone know whether you can configure git hooks to do just that? Mirror the repository/issues to e.g. gitlab?

ghost commented

2019-02-09 13:20:34 +00:00

(Migrated from github.com)

If a GitLab mirror is set up, it should be read only with a link to the main repo. We don't want people opening issues/PRs on GL.

👍 2

ghost commented

2019-04-09 20:33:03 +00:00

(Migrated from github.com)

Problems with Gitlab.com service:

GDPR violations (I didn't read that but just skimmed and looks like the author did their homework)
Hosted by privacy abuser Google
Hostile treatment of Tor users trying to register.
Hostile treatment of new users who attempt to register with a @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
Hostile treatment of Tor users after they've established an account and have proven to be a non-spammer.

Regarding the last item, I was simply trying to edit an existing message that I already posted and was forced to solve a Google reCAPTCHA (attached). There are several problems with this:

CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
CAPTCHAs put humans to work for machines when it is machines that should work for humans.
CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
The CAPTCHA puzzle is sourced from Google. So Google is likely getting compensated in some way and Google is likely also recording IP address, browser print, and the page the CAPTCHA is served to in order to add to someones tracking info.
Google's reCAPTCHA forces users to run non-free javascript.
Google's reCAPTCHA is graphical, breaking all users' clients that are non-graphical.
The puzzle is often broken. This amounts to a denial of service:

I was denied collaboration with a Gitlab project because Google (a PRISM privacy abuser) was given the power to decide whether I could participate. The CAPTCHA was broken so I was blocked.

Google should not have power over a project whose purpose is privacy advocacy.

# Problems with Gitlab.com *service*: 1. [GDPR violations](https://www.reddit.com/r/europrivacy/comments/8oymby/source_code_hoster_gitlab_is_not_respecing_the/) (I didn't read that but just skimmed and looks like the author did their homework) 1. [Hosted by privacy abuser Google](https://about.gitlab.com/2018/06/25/moving-to-gcp/) 1. Hostile treatment of Tor users trying to register. 1. Hostile treatment of new users who attempt to register with a `@spamgourmet.com` forwarding email address to track spam and to protect their more sensitive internal email address. 1. Hostile treatment of Tor users after they've established an account and have proven to be a non-spammer. Regarding the last item, I was simply trying to edit an existing message that I already posted and was forced to solve a Google reCAPTCHA (attached). There are several problems with this: * CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts. * CAPTCHAs put humans to work for machines when it is machines that should work for humans. * CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs. * The CAPTCHA puzzle is sourced from Google. So Google is likely getting compensated in some way and Google is likely also recording IP address, browser print, and the page the CAPTCHA is served to in order to add to someones tracking info. * Google's reCAPTCHA forces users to run non-free javascript. * Google's reCAPTCHA is graphical, breaking all users' clients that are non-graphical. * The puzzle is often broken. This amounts to a denial of service: ![51769530-9d494300-20e3-11e9-9830-1610b3ae9059](https://user-images.githubusercontent.com/18015852/55832824-af4d5600-5b16-11e9-8fb0-898ca2c2d926.png) I was denied collaboration with a Gitlab project because Google (a PRISM privacy abuser) was given the power to decide whether I could participate. The CAPTCHA was broken so I was blocked. Google should not have power over a project whose purpose is privacy advocacy.

👍 2 ❤️ 2

jonah commented

2019-04-15 12:49:09 +00:00

We’re going to have a public GitLab instance installed in the next few days, and we will have a read-only mirror of this organization and repo on it. It will not replace GitHub at this time.

We’re going to have a public GitLab instance installed in the next few days, and we will have a *read-only* mirror of this organization and repo on it. It will not replace GitHub at this time.

❤️ 1

ghost commented

2019-04-15 18:33:15 +00:00

(Migrated from github.com)

We’re going to have a public GitLab instance installed in the next few days

That's a good direction to go in. Will be interesting to see if it can be configured in a way that avoids the shortcomings of the gitlab.com service. (edit: other Gitlab instances like code.briarproject.org are CAPTCHA-encumbered)

Will the general public be able to register and create repositories?

> We’re going to have a public GitLab instance installed in the next few days That's a good direction to go in. Will be interesting to see if it can be configured in a way that avoids the shortcomings of the gitlab.com service. (edit: other Gitlab instances like code.briarproject.org are CAPTCHA-encumbered) Will the general public be able to register and create repositories?

jonah commented

2019-04-16 00:38:57 +00:00

Will the general public be able to register and create repositories?

Yes that's going to be the main intent of the service, us having a mirror on the site is just an added bonus.

> Will the general public be able to register and create repositories? Yes that's going to be the main intent of the service, us having a mirror on the site is just an added bonus.

IzzySoft commented

2019-04-16 16:21:38 +00:00

(Migrated from github.com)

Mirroring is a good idea – one never knows when a DCMA (right or wrong) strikes, the hoster's business makes bad decisions, etc. But for privacy reasons: why need it be GitLab? Codeberg would be the much more logic choice for a privacy oriented F/L OSS project. Setup a mirror now (I already did so for my "core projects"), and even consider turning the direction once Codeberg has full support for migrating issues and merge requests along, making Codeberg your new home and, for backup purposes, mirror back here 😃

Mirroring is a good idea – one never knows when a DCMA (right or wrong) strikes, the hoster's business makes bad decisions, etc. But for privacy reasons: why need it be GitLab? [Codeberg](https://codeberg.org/) would be the much more logic choice for a privacy oriented F/L OSS project. Setup a mirror now (I already did so for my "core projects"), and even consider turning the direction once Codeberg has full support for migrating issues and merge requests along, making Codeberg your new home and, for backup purposes, mirror back here 😃

ghost commented

2019-04-16 19:14:31 +00:00

(Migrated from github.com)

@IzzySoft

But for privacy reasons: why need it be GitLab?

There are clearly privacy abuses with Gitlab as a centralized service, but I've not heard of any privacy issues with self-hosting using Gitlab software. Can you elaborate?

If self-hosting, Gitea is apparently what Codeberg uses. Is that what you would favor over Gitlab software? Since other self-hosted Gitlab projects have the usability broken due to CAPTCHA issue, it looks like gitea or gogs would be favorable.

@IzzySoft > But for privacy reasons: why need it be GitLab? There are clearly privacy abuses with Gitlab as a centralized *service*, but I've not heard of any privacy issues with self-hosting using Gitlab software. Can you elaborate? If self-hosting, Gitea is apparently what Codeberg uses. Is that what you would favor over Gitlab software? Since other self-hosted Gitlab projects have the *usability broken due to CAPTCHA* issue, it looks like gitea or gogs would be favorable.

IzzySoft commented

2019-04-16 20:47:50 +00:00

(Migrated from github.com)

I selfhost Gitea on a Pi (for my local stuff, and as mirror for what I have publically at e.g. Github/GitLab). Startup time for Gitea on that Pi is less than a second. Ever tried that with GitLab? 🤣

For self-hosting, the software you use must cover your requirements. If you need extensive CI support, GitLab might be a good choice. If you can do completely without, it might be overkill. Plus the captcha thingy.

So yes, I'd favor Gitea. And unless you're in "providing privacy related software/hosting services" anyway already, I'd go with Codeberg. Do what you do best and don't get distracted 😉

I selfhost Gitea on a Pi (for my local stuff, and as mirror for what I have publically at e.g. Github/GitLab). Startup time for Gitea on that Pi is less than a second. Ever tried that with GitLab? :rofl: For self-hosting, the software you use must cover your requirements. If you need extensive CI support, GitLab might be a good choice. If you can do completely without, it might be overkill. Plus the captcha thingy. So yes, I'd favor Gitea. And unless you're in "providing privacy related software/hosting services" anyway already, I'd go with Codeberg. Do what you do best and don't get distracted :wink:

jonah commented

2019-04-17 00:48:54 +00:00

And unless you're in "providing privacy related software/hosting services" anyway already

Matrix: chat.privacytools.io
Mastodon: social.privacytools.io
Write Freely: write.privacytools.io
Searx: search.privacytools.io
Pastebin: bin.privacytools.io

And now, git.privacytools.io 😉

This repo is now mirrored at https://git.privacytools.io/privacytoolsIO/privacytools

> And unless you're in "providing privacy related software/hosting services" anyway already - Matrix: `chat.privacytools.io` - Mastodon: `social.privacytools.io` - Write Freely: `write.privacytools.io` - Searx: `search.privacytools.io` - Pastebin: `bin.privacytools.io` And now, [`git.privacytools.io`](https://git.privacytools.io) :wink: This repo is now mirrored at https://git.privacytools.io/privacytoolsIO/privacytools

IzzySoft commented

2019-04-17 08:47:05 +00:00

(Migrated from github.com)

Yeah, should have checked with your site first 🤣

Speaking of which: The Facebook-Share-Thingy looks a bit strange on a site promoting privacy. I'd rather remove that ("against global mass surveillance", as the subject of the mail link states). Privacy and Facebook are contradicting terms: Who's on Facebook doesn't take privacy seriously (enough) – and who takes privacy seriously isn't on Facebook. A privacy promoting site shouldn't link there (and no, "everybody does" and "many people are there" doesn't really count 😉).

"Well, FB can't be that bad if even privacytools.io links to/promotes it…" (yes, that sharing button can be seen as "promotion")

Yeah, should have checked with your site first 🤣 Speaking of which: The Facebook-Share-Thingy looks a bit strange on a site promoting privacy. I'd rather remove that ("against global mass surveillance", as the subject of the mail link states). Privacy and Facebook are contradicting terms: Who's on Facebook doesn't take privacy seriously (enough) – and who takes privacy seriously isn't on Facebook. A privacy promoting site shouldn't link there (and no, "everybody does" and "many people are there" doesn't really count :wink:). "Well, FB can't be that bad if even privacytools.io links to/promotes it…" (yes, that sharing button can be seen as "promotion")

ghost commented

2019-04-17 09:46:37 +00:00

(Migrated from github.com)

@IzzySoft