• marsara9@lemmy.world
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    2
    ·
    1 year ago

    IMHO federation doesn’t bring any real benefits to git and introduces a lot of risks.

    The git protocol, if you will, already allows developers to backup and move their repositories as needed. And the primary concern with source control is having a stable and secure place to host it. GitHub already provides that, free of charge.

    Introducing federation, how do you control who can and cannot make changes to your codebase? How do you ensure you maintain access if a server goes down?

    So while it’s nice that you can self host and federate git with GitLab, what value does that provide over the status quo? And how do those benefits outweigh the risks outlined above?

    • james@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      You bring up some good points. I agree on the risk, even though I’m a fan I find federated tools harder to get started with.

      I agree git is decentralized, but services like GitHub are not. They’re more than just hosting code. They’re issues, wiki’s, CI/CD, peer reviews, etc.

      how do you control who can and cannot make changes to your codebase?

      I’d image it’s the same as now. Except now you could say @everyone@that-server is cool and can contribute, or @those-guys@over-there shouldn’t even be allowed to see this code.

      How do you ensure you maintain access if a server goes down?

      How do you do this on GitHub?

      what value does that provide over the status quo?

      I feel like this is the root of fediverse problems. It’s easy to send your first tweet, but that first toot takes some effort (I just learned they’re called toots).

      • marsara9@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Btw I appreciate the fediverse and decentralization as much as the next guy, heck I’m even writing software for the fediverse. But I feel like there’s a handful of people out there that want to try and apply the fediverse concept to everything. Similar to what happened with Blockchain. Everyone and everything had to be implemented via Blockchain even if it didn’t make sense in the end.

        IMO though, GitHub is just one “instance” in an already decentralized system. Sure it may be the largest but it’s already incredibly simple for me to move and host my code anywhere else. GitHub’s instance just happens to provide the best set of tools and features available to me.

        But back to my original concerns. Let’s assume you have an ActivityPub based git hosting system. For the sake of argument let’s assume that there’s two instances in this federation today. Let’s just call them Hub and Lab…

        Say I create an account on Hub and upload my repository there. I then clone it and start working… It gets federated to Lab… But the admin on Lab just decides to push a commit to it directly because reasons… Hub can now do a few things:

        1. They could just de-federate but who knows what will happen to that repo now.
        2. Hub could reject the commit, but now we’re in a similar boat, effectively the repo has been forked and you can’t really reconcile the histories between the two. Anyone on Lab can’t use that repo anymore.
        3. Accept the change. But now I’m stuck with a repo with unauthorized edits.

        Similarly if Hub was to go down for whatever reason. Let’s assume we have a system in place that effectively prevents the above scenario from happening… If I didn’t create an account on Lab prior to Hub going down I now no longer have the authorization to make changes to that repository. I’m now forced to fork my own repository and continue my work from the fork. But all of my users may still be looking for updates to the original repository. Telling everyone about the new location becomes a headache.

        There’s also issues of how do you handle private repositories? This is something that the fediverse can’t solve. So all repos in the fediverse would HAVE to be public.

        And yes, if GitHub went down today, I’d have similar issues, but that’s why you have backups. And git already has a solution for that outside the fediverse. Long story short, the solutions that the fediverse provides aren’t problems that exist for git and it raises additional problems that now have to be solved. Trying to apply the fediverse to git is akin to “a solution in search of a problem”, IMHO.

      • Mubelotix
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I would like to add that git is a pretty good example of data people have backups for. I don’t care if Github blows up tomorrow because I have repos on my disk. Even if my disk also dies, my friends have my repos cloned so I wouldn’t lose much