2fa is not a requirement. You don’t have to use it.
I’m just not as young as most of you kiddos (no pun intended) 
So if there will be a change, it will take me some time (not sure how long, I’m familiar with basic git things not that long ago) if I get there at all.
It’s still exactly the same git command you will use.
The workflow with creating pull requests and merging them works exactly the same on Codeberg as on Github.
Even the user interface looks almost the same,if you think of Github a few months,maybe a year ago.
It’s a non-profit organization,not a company.
Also,the Forgejo software can be self-hosted if we want to be fully independent.
LOL, trying to register an account there … “Sign in with github” or “Sign in with gitlab” (not required but still made me laugh) 
1 Like
-1 for only using self-hosted tools because it are much less reliable. There are much higher chances that data will be lost on self-hosted repos than on GitHub/GitLab that have a tons of backups all over the world.
4 Likes
I don’t mind if haikuports is moved to another system (or HaikuArchives for that matter).
Most important to me is that the webinterface works in Web+.
To the moving project the most important is: Can tickets and PRs be migrated there?
Then abuse them as read-only mirror for backup purposes,but don’t force every contributor to have an account with them.
2FA on GitHub is just TOTP authentication algorithm that can be called from a simple Python script. It do not need mobile phone or any kind of complex proprietary software.
1 Like
Sure. It’s “just” totp.
I’ve already lost access to my bitbucket account to TOTP, i don’t care to have to fear that i might loose it because of some specific computer going haywire.
Anyhow, the backup argument is kind of moot, git is already distributed. In order to loose all repos you’d have to destroy every haikuports contributers computer…
2 Likes
I suspect that for most developers it is easier to use existing GitHub account instead creating new account on every new web site. It is also why “Login with GitHub” buttons are so popular. I would expect significant drop of contributions if move from GitHub to selfhosting.
Don’t break what is not broken.
9 Likes
How? Consider that TOTP this just yet another password that is not transferred as plain text. It can be stored in the same way as any other password.
It’s a software you have to run on a specific computer to compute the secret for that moment. If you loose access to that computer you then also loose access to the account. Because it simply isn’t just a password.
It is a password, not a software. Software is a thing that converts password into value that should be typed to login. That software can be written in a few lines of Python code. TOTP private key (password) can be stored in keychain management software like every other password. And backups can be taken if needed, including writing passwords on paper.
While I am not tried, it should be possible to calculate TOTP one time password from private key and wall clock time by hand using paper and pen without any computers at all.
This isn’t true. There are plenty of password managers that handle TOTP and synchronize the TOTP state across devices, so that if you lose access to one you still have access to TOTP. And even without that, you always get “backup codes” that you can use in the event you do lose your TOTP generator.
2 Likes
It did happen to me regardless, and telling me to employ an even more complex solution isn’t really a solution. You are just pilling more and more complexity onto a problem that shouldn’t even exist in the first place.
I’ve already been using 2FA via email with services for years, yet that somehow now isn’t enough. I am not really interested to hear more excuses of “oh its easy you just do this”.
1 Like
This is the main point that I would be in favour of keeping it. GitHub has the main advantage of discoverability and a large pool of developers and I suspect that moving to a self-hosted Gitlab or Gerrit instance would be very unpleasant for existing and new joiners already used to GitHub resulting in a large loss of contributions.
3 Likes
As a user, I don’t like to need a GitHub account simply to report few bugs from time to time.
I don’t like either that I have to register to different sites and to learn to use them because the software is on different repos. What do I do when the repo is not big enough to have a tracker?
For sake of users, the initial bug tracker should be the same. Anyway you need a triage, so once considered as valid, bugs would be forwarded to the relevant repo tracker. Since there wouldn’t be reports made directly on repo tracker, it would allow setups more devs oriented.
And no, from a user point of view, having a single password is not enough nor it is the same as going to an unique site.
1 Like
you could lose your password with any other tool as well.
totp is just an additional password or ssh key. You managed yours badly and lost it, ok, but you can’t blame the software for that.
focusing on this issue, which isn’t related to the software used, is not a good argument for moving off Github. If anything, it is an argument to allow people to log in with more centralized services (github, google, gitlab, facebook, …) so they always have one of these available to recover their accounts.
So, let’s forget about this invalid argument. Next time, make sure you store your totp key and your password securely, and try to pick software that does not hide the key from you. Really it is not more complicated than managing an ssh key.
That being said, let’s see the real arguments for moving off Github:
pros:
-it’s a closed source, for-profit thing. I think we should use open source software as much as possible. Also, since it is for-profit but not profitable, it is likely that it will either close or become a paying offer at some point.
- there are some glitches in web+ occasionally (but really, that’s web+ fault, and would likely happen with the alternatives)
neutral:
- some people seem to hate github for whatever reason. I believe this will be the case with any other tool we pick. We will get “why don’t you just use github?” questions instead of “why do you use github?” questions
cons:
- for now, it’s free and quite reliable. Self-hosting things has a cost in terms of money (paying for the servers) and time (sysadmin work). No one is willing to spend that time and pay that money. Sure, this won’t last forever, but we can reconsider our options when that day comes.
- github is well-known by many developers. In the case of haikuports, this is useful because we get “drive-by” contributions from other projects, who will update their own dependencies and packages for the software they write
- migrating takes some effort. The git repository is easy, the issues is possible (I made a script to migrate github issues to trac, it was just a couple hours of work), the wiki and pages will need some rework. The buildmasters will also need some updates. There will be a lot of dead links to update elsewhere. Who is going to do all this work?
2 Likes