A Federated Git
7 27 2019 by fakefred
I just joined Mastodon, a concept I like very much.
The problem with GitHub
You might have already heard of what I'm concerned: news has it that GitHub banned Iranian and Crimean accounts from using their "free" features (private repos etc), and furthermore prevented the users from accessing their data stored in private repos, thus forbidding exportation. Tada! Warnings are for coward governments. A nation that is great again need not care about their adversaries. Obviously this is the US Trade people holding the puppets. Why stop at US citizens? The world must comply with US laws! In case you are not a fan of Iran/Crimea, good luck, pretty sure a place with similar opinions as the US will not be the next target, huh.
The problem is that, as a SaaS (software as a service) provider, GitHub is purely based in the US; everything, from everywhere, flows to GitHub through optical fibers, one of whose ends connects to America. This means the US has control over your stuff, your account, literally anything.
Consequently, I've decided that SaaS is simply not feasible for a neutral and healthy internet, especially when the SaaS is inside a nation under a dickhead's administration. What the internet and developer community really need is, like Mastodon in microblogging, another federated mesh of git hosts.
A federated network is a set of servers running instances of software that support the same protocol. The networks could be operated by a corp, an org, an individual or a far-right userbase that the world hates (dang). Each server (node) can establish its own rules, ToS, CoC, instead of having to follow those of a centralized server.
So can be the case of git hosts. Imagine a network formed with hundreds of nodes, each hosting as few as 10, or as many as 5 million repos, while users on each node can freely interact with users from other nodes, as naturally as they normally interact on GitHub. Sysadmins can enable/disable private repos, or pick whether and how to monetize from additional services to pay for their expenses. Users' rights get respected on servers operated by some cool developers who they have attended a key-signing party with, not a corporate.
^ I registered none of the names in appearance above.
^ How one repo from the federated network would look like.
What's wrong with the non-GitHub options we have now?
Self-hosted options as of today are analogous to Pacific Ocean islands: tiny, mostly serving one single org, and in isolation. They currently are not capable of interacting with each other, as no such protocol like ActivityHub, which powers Mastodon, is existent for git. Once connected, and accepting new user registrations, they can serve as nodes of a vibrant community.
The good news is that Gitea has one issue proposing the federation concept. Interfaces resembling GitHub, they are good candidates for the federated git, and may hopefully take over GitHub as the best choice for git hosting.
So… what if no one wants to build yet another git service just to form a federated network?
We don't have to. On top of existing services incl. gogs and gitea, we can make their devs' lives easier by, instead of starting a brand new branch named "federated", writing a sort of plugin as a standalone based on a good and stable protocol, exposing an API to git hosting software. The plugin takes care of interaction between nodes, and has absolutely nothing to do with git itself. This way the existent git software can get rid of protocol-compliance hassle, or even opt out of the fediverse at all, if they decide to be alone.
Pitfalls to avoid
Avoid the US (and other weird places) in general
Back in July 2018, GitLab annonced migration from Azure to Google Cloud Platform. Was this good? Probably, but only if you would like to neglect these countries:
- North Korea
^ Link: GCP Move Update
…Have fun doing business with the US.
Even you're like, "screw SaaS, I'll pick something else," be careful whether:
- Your server is hosted in a DC in Los Angeles
- Your TLD is ".com", which is operated by VeriSign (pretty low risk though)
Don't let Gab in this time. Very bad.
In this blogpost, outraged by GitHub's decision, I proposed a federated approach to git hosting and interactions between developers, which consists of a network of decentralized nodes, possibly as a plugin to existing git self-hosting software, enabling a neutral, diverse and non-discriminative git community, while retaining the choice for git instances to remain isolated. I also outlined some pitfalls I recently learnt that exist.