Very positive to have a governmental hosted git/code platform, although I would still advise Gitea (it's not documented that pick is explored).
I'm a self hosting GoGogs / Gitea user for almost 10 years, I did follow the Gitea fork. However regarding the Forgejo fork: the main contributors stayed with Gitea. The ideologically forked Forgejo made some license changes and hard fork decisions that increased the maintenance burden even more, resulting in missing upstream features and decreased security. Forgejo is more busy managing ideals, than creating software.
> The ideologically forked Forgejo made some license changes
Lets be clear. These "some license changes" that you reference was Forgejo forked Gitea and replaced MIT license with GPLv3. Forgejo doesn't want to be contributing to receiving effort from contributors into a project that then gets re-used, re-branded, and exploited by a big corp. By making the project copyleft they ensured that the contributions stay Free. This was an ethical move.
Gitea on the other hand doesn't mind sucking up free-of-charge contributions and handing them to a company to build their walled garden around.
The issue with deviating from the upstream license is that only the code author can upstream a patch, since GPLv3 cannot be changed by a non-author of the code to MIT. Resulting in less being patched upstream, and so more merge conflicts, the maintenance burden I was talking about.
> Forgejo is more busy managing ideals, than creating software.
But managing ideals is far more important than creating software. Software is just a tool. It's a mean to an end, it's not the end in itself.
If software improves humanity we should create it. If not, we shouldn't. We shouldn't create software just because. We can, but that's not ethical.
And regarding your comments that "the original contributors stayed with Gitea", as if that's a point in favor of Gitea: Well of course! If the original contributors wanted copyleft that's how they would've licensed it. To me that just reinforces that I don't want to contribute to their project.
The misquotation was an accident but the point is the same. If the set of people who wanted to contribute to Free software split with from those who wanted to work for companies for free, that's an improvement.
> The ideologically forked Forgejo made some license changes and hard fork decisions that increased the maintenance burden even more, resulting in missing upstream features and decreased security. Forgejo is more busy managing ideals, than creating software.
And from other comments:
> When deciding which software fork to pick, it is about the development power.
> In my view they don't have the development to keep up with Gitea.
How do you come to the conclusion that Gitea has more development power? Looking at the Insights / Activities overview of each repository there were slightly more authors with more contributions to Forgejo over the last month. Acknowledging that this fluctuates I'd estimate that both projects are similarly active.
Also, Forgejo is actually dogfooding its development, which is much more reassuring than what Gitea does IMO.
As I've mentioned elsewhere [0], sometimes there's just fake outrage trying to associate drama or a general feeling of disapproval with a particular project.
I responded to that comment, but it does not address why you think Forgejo is lacking development power. IMO it rather shows a lack of understanding on your part of what Forgejo is today. It no longer is a superset of Gitea since the hard fork, but its own independent project instead. And as such it has at least comparable activity to Gitea, which is reflected e.g. in the unique features that Forgejo has, but Gitea doesn't.
> Forgejo is more busy managing ideals, than creating software.
Can't say I agree with this point. Zig has been trying out Forgejo/Codeberg as an alternative to GitHub, and about two months into the experiment, almost all of our technical concerns with Forgejo (and Forgejo Actions) have been addressed, with the only straggler being a UI bug related to the Cancel button in the Actions infrastructure (which has a WIP PR open, and which also has a straightforward workaround).
I can't speak to the platforms themselves, but in regards to their CI systems, it looks to me like the Forgejo Actions runner sees more development than the Gitea act_runner. For example, Forgejo gained support for concurrency groups recently, which to my knowledge are still not supported in Gitea.
The Forgejo people say that it is Gitea who is compromising security [0]. Not involved either way, but I have seen enough rug pulls that I will prefer the product which does not have a commercial offering and financial incentives to sabotage it.
I know the claims, but look at Gitea version v1.24.7 (with some security fixes), released on October 25th, which includes 'fix LFS auth bypass, fix symlink bypass' that was merged on October 20th (#35708). This was fixed in Forgejo on the 25th
https://codeberg.org/forgejo/forgejo/commit/fa1a2ba669301238...
and released on the 26th, although "Originally scheduled for 7 November, the release date of these patches was advanced because a vulnerability had been leaked publicly." (https://codeberg.org/forgejo/forgejo/src/branch/forgejo/rele...)
Re: delayed security fixes, if a vulnerability is not yet publicly known and there is no indication that it is actively abused it is common practice to schedule fixes and give advance notice of them to have administrators be prepared to update promptly. The fact that the vulnerability was leaked beforehand is unfortunate, but Forgejo handled it well with rescheduling their release in response.
Re: license change, hard forking, and new features: my understanding is that Gitea wasn't very open to contributions coming from Forgejo. The hard fork seems to be a consequence of that. Yes, there used to be weekly cherry picks, I assume they stopped exactly because Forgejo and Gitea diverged to much and they became too much of a maintenance burden. Yes, this means Gitea has gotten features that aren't present in Forgejo since then. But you miss the point of the hard fork if you count this as a negative: Forgejo is deliberately diverging from Gitea now. Cooperation didn't work out, so they are no longer a superset of Gitea, but an entirely separate project. And as such they don't have more maintenance burden than Gitea itself.
And Forgejo definitely does not lack development power as its own now-independent project. They have features themselves that Gitea doesn't have. One notable that comes to mind is storage quotas, but there are many more too.
Thanks. I was wondering what is the status of it, given that Forgejo is being pushed more in the media lately. TBH, I haven't understood the controversy even after reading a couple of recaps. I remember it being about having "suddenly revealed" a couple of years ago that the guy on top is the owner of the trademark. Doesn't sound like a big deal to me, given that he actually was the main contributor and de-facto the leader of the project the whole time.
But then a couple of years have passed, and I started to hear about Forgejo more often only very recently, so I was wondering, if maybe the original project actually had some downfall and questionable technical decisions since. I still haven't switched, and was wondering if I should do so. As far, as I've heard it's still basically a matter of running the different docker container with the same volume, and it should work seamlessly. So what's about this "hard fork" you are mentioning? Did it actually break compatibility?
Forgejo used to be a set of patches applied on Gitea, but they moved to a fork with cherry picking Gitea commits, this is more work. In my view they don't have the development to keep up with Gitea.
> Forgejo is more busy managing ideals, than creating software.
How many Elastic Searches will it take for people to realize that this is mandatory. Linux would not be where it is today were it not for some ideals wrangling.
Based on those meeting notes, the conflict of interest that arises when attempting to add features that compete with paid ones is real. So its that ideology that it is actually needed for a Government user/contributor.
To this day anything of worth that's been added to Gitea is released under MIT. Their business model is: you pay us to develop the features we need, we release them for everybody, which is how their collaboration with Blender has been working thus far. If it's good enough for Blender, who decided to stay with Gitea, it's good enough for me.
Not sure: the government could just buy Gitea Enterprise license right? And thereby not really run true 'open source' software, but it would support the main development behind Gitea.
There's a batch of dialog that indicates an interest in 'digital sovereignty', so it sounds like they are less interested in being an explicit customer of a given company.
My point was that you don't need to compete with paid features, just please give the developers money to develop the software further (and fix bugs/issues), so e.g. buy some 'enterprise license', even if you don't need it in terms of features.
It appears to me that the rationale was clearly stated in GP:
> resulting in missing upstream features and decreased security
I.e. it's a matter of technical superiority, which, to me, how the decisions should be made. Not by having friends in the community and all of us being Europeans and so on. (But, of course, I would be glad to hear more particular details/examples of Forgejo lagging behind.)
You should simply compare release notes over the same time period for both projects, what's been done and how much. There's lots of nonsense repeated on this site and others, just do the research yourself, it won't take long. They both have very predictable release schedules.
We've stuck with Gitea, after not being impressed by the extremely FUDish behavior of the main driver of the fork, and this has proven to be the right choice so far. In spite of what some people claim, all of the major contributors to Gitea have continued developing it, none of the "heavy hitters" have left. It shows.
The database can be downgraded anyway. I've been doing backwards migrations for each new version all the way back to 1.22 (which is the last Gitea version that is "side-gradable" to Forgejo).
i dont get this blindspot by lots of developers parroting this uber technocratic nonsense.
There's no such thing as some apolitical, objectively best approach to a technical problem. Instead of arguing about specific merits about specific issues people throw out this big wide handwave about how "idea X is simply technically the wrong choice", as if this is a legit position to have.
Take a philosophy course for god's sake before you engineer us all to death.
I used to self-host Gogs on an RPi half a decade ago. At least for the needs of 1-2 people, it was one of the best pieces of software I ever used. If someone needs to host their repos privately, Gogs is more than enough.
I used Gitea for a while. I eventually switched to gitolite and CGit primarily because Gitea (and Forgejo) force you into a flat organization/project structure. This makes organizing personal projects harder because:
1. you need to create an organization for each group (lang, tools, template, etc.)
2. you can't create more complex organization structure (e.g. template/python/python-flask-template)
3. you can't group projects with different top-level names (e.g. apps, tools, lang; such as lang/java and tools/gradle) or across a top-level name (e.g. by programming language such as lang/typescript and lang/python)
Not sure if it's mentioned because I didn't read the whole thing but maybe it's good to know for those of you not familiar with Dutch government that most open source code (and possibly even private code) from all Dutch government orgs is currently hosted on private/public GitHub repositories.
If they move to self hosted Forgejo (which I assume this meeting is all about) Microsoft is going to lose a pretty big customer.
And yes, (good) CI is still is a big blocker to move to Forgejo for any org (or self hosting). Hope they can speed things up a bit there now they now a gov org is seriously interested.
After having worked extensively with both I still feel that Gitlab CI is miles better than GH actions. I'm a bit stunned that forgejo aims to reimplement GH actions..
They're aiming at making it near effortless to migrate off GitHub, and 99% of all GitHub users are using Actions... so there's that.
But yes, they also should work on making it super easy to integrate best of breed OSS CI/CD with their SCM and turn Actions off. If they manage that they are on their way making a product which blows GitHub and Gitlab right out of the water. Because while Gitlab allows to integrate third party CI/CD it really feels clunky. (at least at the time I've used it professionally)
Forgejo’s agent is brilliant to be honest. It’s a very well contained service, written in Go and builds in practically anything. Even before it was supported, I was able to setup a couple of my old Macs to become agents for building iOS apps… my very own “Xcode Cloud” from the back the office.
This is brilliant, especially if this kind of approach was adopted in policy development. Chunks of vetted “code” that is transparently shared and can be used by other governments facing similar challenges…imagine…
I really really want the US legal process to abandon a certain style of incredibly cryptic bill, which contains hundreds of "the word foo shall be inserted in between teh words"-style changes.
It often seems like a trick to make is so that nobody really knows what they're voting on, as opposed to a wholesale "replace that entire section with the readable information below". I suppose, to be charitable, it may have originated as a conflict-avoidance strategy.
Ideally, bills would be changesets that can easily be turned into before-vs-after comparisons for legislators to review and approve.
It's a shame that oliverpool uses the language of "open source software", especially given that forgejo has a Free license.
Words matter, and this would've been a great opportunity to raise awareness to the problem of oppressive software. I think these days most people have an intuition that this is happening.
Very positive to have a governmental hosted git/code platform, although I would still advise Gitea (it's not documented that pick is explored).
I'm a self hosting GoGogs / Gitea user for almost 10 years, I did follow the Gitea fork. However regarding the Forgejo fork: the main contributors stayed with Gitea. The ideologically forked Forgejo made some license changes and hard fork decisions that increased the maintenance burden even more, resulting in missing upstream features and decreased security. Forgejo is more busy managing ideals, than creating software.
> The ideologically forked Forgejo made some license changes
Lets be clear. These "some license changes" that you reference was Forgejo forked Gitea and replaced MIT license with GPLv3. Forgejo doesn't want to be contributing to receiving effort from contributors into a project that then gets re-used, re-branded, and exploited by a big corp. By making the project copyleft they ensured that the contributions stay Free. This was an ethical move.
Gitea on the other hand doesn't mind sucking up free-of-charge contributions and handing them to a company to build their walled garden around.
Correct, also see the initial discussion about changing the license: https://codeberg.org/forgejo/governance/pulls/24#issuecommen...
The issue with deviating from the upstream license is that only the code author can upstream a patch, since GPLv3 cannot be changed by a non-author of the code to MIT. Resulting in less being patched upstream, and so more merge conflicts, the maintenance burden I was talking about.
> Forgejo is more busy managing ideals, than creating software.
But managing ideals is far more important than creating software. Software is just a tool. It's a mean to an end, it's not the end in itself.
If software improves humanity we should create it. If not, we shouldn't. We shouldn't create software just because. We can, but that's not ethical.
And regarding your comments that "the original contributors stayed with Gitea", as if that's a point in favor of Gitea: Well of course! If the original contributors wanted copyleft that's how they would've licensed it. To me that just reinforces that I don't want to contribute to their project.
Not sure why you misquoted, I said "the main contributors stayed with Gitea", also see https://news.ycombinator.com/item?id=45929247#45931139
When deciding which software fork to pick, it is about the development power. Also note my point about security: https://news.ycombinator.com/item?id=45929247#45930310
The misquotation was an accident but the point is the same. If the set of people who wanted to contribute to Free software split with from those who wanted to work for companies for free, that's an improvement.
> The ideologically forked Forgejo made some license changes and hard fork decisions that increased the maintenance burden even more, resulting in missing upstream features and decreased security. Forgejo is more busy managing ideals, than creating software.
And from other comments:
> When deciding which software fork to pick, it is about the development power.
> In my view they don't have the development to keep up with Gitea.
How do you come to the conclusion that Gitea has more development power? Looking at the Insights / Activities overview of each repository there were slightly more authors with more contributions to Forgejo over the last month. Acknowledging that this fluctuates I'd estimate that both projects are similarly active.
Also, Forgejo is actually dogfooding its development, which is much more reassuring than what Gitea does IMO.
As I've mentioned elsewhere [0], sometimes there's just fake outrage trying to associate drama or a general feeling of disapproval with a particular project.
[0]: https://news.ycombinator.com/item?id=45597749
can't read your linked comment: [flagged]
Do yourself a favor and enable showdead in settings.
See https://news.ycombinator.com/item?id=45929247#45930310
I responded to that comment, but it does not address why you think Forgejo is lacking development power. IMO it rather shows a lack of understanding on your part of what Forgejo is today. It no longer is a superset of Gitea since the hard fork, but its own independent project instead. And as such it has at least comparable activity to Gitea, which is reflected e.g. in the unique features that Forgejo has, but Gitea doesn't.
> Forgejo is more busy managing ideals, than creating software.
Can't say I agree with this point. Zig has been trying out Forgejo/Codeberg as an alternative to GitHub, and about two months into the experiment, almost all of our technical concerns with Forgejo (and Forgejo Actions) have been addressed, with the only straggler being a UI bug related to the Cancel button in the Actions infrastructure (which has a WIP PR open, and which also has a straightforward workaround).
I can't speak to the platforms themselves, but in regards to their CI systems, it looks to me like the Forgejo Actions runner sees more development than the Gitea act_runner. For example, Forgejo gained support for concurrency groups recently, which to my knowledge are still not supported in Gitea.
The Forgejo people say that it is Gitea who is compromising security [0]. Not involved either way, but I have seen enough rug pulls that I will prefer the product which does not have a commercial offering and financial incentives to sabotage it.
https://forgejo.org/compare-to-gitea/
I know the claims, but look at Gitea version v1.24.7 (with some security fixes), released on October 25th, which includes 'fix LFS auth bypass, fix symlink bypass' that was merged on October 20th (#35708). This was fixed in Forgejo on the 25th https://codeberg.org/forgejo/forgejo/commit/fa1a2ba669301238... and released on the 26th, although "Originally scheduled for 7 November, the release date of these patches was advanced because a vulnerability had been leaked publicly." (https://codeberg.org/forgejo/forgejo/src/branch/forgejo/rele...)
Security wise, Gitea was safer in this case.
Also note the SECURITY.md was deleted: https://codeberg.org/forgejo/forgejo/commit/277dd02e706b6e51..., there is a security https://forgejo.org/docs/next/contributor/discussions/#secur... but it's a bit harder to find.
The problem is, Forgejo changed the license (https://codeberg.org/forgejo/governance/pulls/24#issuecommen...) and ended up doing a hard fork (https://forgejo.org/2024-02-forking-forward/#consequences-of...) which creates quite some maintenance burden. There used to be a (weekly) gitea chery-pick (e.g. https://codeberg.org/forgejo/forgejo/pulls?state=closed&labe...) but the TODO section was getting ever larger, and it seems it stopped in July (week 26).
So they start missing stuff, e.g. features like https://codeberg.org/forgejo/forgejo/issues/9552
Re: delayed security fixes, if a vulnerability is not yet publicly known and there is no indication that it is actively abused it is common practice to schedule fixes and give advance notice of them to have administrators be prepared to update promptly. The fact that the vulnerability was leaked beforehand is unfortunate, but Forgejo handled it well with rescheduling their release in response.
Re: license change, hard forking, and new features: my understanding is that Gitea wasn't very open to contributions coming from Forgejo. The hard fork seems to be a consequence of that. Yes, there used to be weekly cherry picks, I assume they stopped exactly because Forgejo and Gitea diverged to much and they became too much of a maintenance burden. Yes, this means Gitea has gotten features that aren't present in Forgejo since then. But you miss the point of the hard fork if you count this as a negative: Forgejo is deliberately diverging from Gitea now. Cooperation didn't work out, so they are no longer a superset of Gitea, but an entirely separate project. And as such they don't have more maintenance burden than Gitea itself.
And Forgejo definitely does not lack development power as its own now-independent project. They have features themselves that Gitea doesn't have. One notable that comes to mind is storage quotas, but there are many more too.
Thanks. I was wondering what is the status of it, given that Forgejo is being pushed more in the media lately. TBH, I haven't understood the controversy even after reading a couple of recaps. I remember it being about having "suddenly revealed" a couple of years ago that the guy on top is the owner of the trademark. Doesn't sound like a big deal to me, given that he actually was the main contributor and de-facto the leader of the project the whole time.
But then a couple of years have passed, and I started to hear about Forgejo more often only very recently, so I was wondering, if maybe the original project actually had some downfall and questionable technical decisions since. I still haven't switched, and was wondering if I should do so. As far, as I've heard it's still basically a matter of running the different docker container with the same volume, and it should work seamlessly. So what's about this "hard fork" you are mentioning? Did it actually break compatibility?
Have a look at this: https://lwn.net/Articles/963608/
See https://news.ycombinator.com/item?id=45929247#45930310
Forgejo used to be a set of patches applied on Gitea, but they moved to a fork with cherry picking Gitea commits, this is more work. In my view they don't have the development to keep up with Gitea.
> Forgejo is more busy managing ideals, than creating software.
How many Elastic Searches will it take for people to realize that this is mandatory. Linux would not be where it is today were it not for some ideals wrangling.
It really depends, e.g. take a look at PostgreSQL, which is licensed under the PostgreSQL License, which is similar to MIT.
IMHO a MIT license is better than AGPL with a Contributor License Agreement (CLA) like with Elastic.
Gitea is MIT, so free and open-source, permissive.
Also see https://news.ycombinator.com/item?id=45929247#45930949
Based on those meeting notes, the conflict of interest that arises when attempting to add features that compete with paid ones is real. So its that ideology that it is actually needed for a Government user/contributor.
To this day anything of worth that's been added to Gitea is released under MIT. Their business model is: you pay us to develop the features we need, we release them for everybody, which is how their collaboration with Blender has been working thus far. If it's good enough for Blender, who decided to stay with Gitea, it's good enough for me.
The given example is from GitLab - thanks for pointing out that Gitea follows a different OSS strategy.
Not sure: the government could just buy Gitea Enterprise license right? And thereby not really run true 'open source' software, but it would support the main development behind Gitea.
There's a batch of dialog that indicates an interest in 'digital sovereignty', so it sounds like they are less interested in being an explicit customer of a given company.
You can do that by self hosting the code.
My point was that you don't need to compete with paid features, just please give the developers money to develop the software further (and fix bugs/issues), so e.g. buy some 'enterprise license', even if you don't need it in terms of features.
Why would they rather talk to gitea?
Isn't it sensible for a European government to talk to a player that is being backed by European companies and has a cleaner approach to open source?
I'm not arguing, I'm asking what's the rationale here.
It appears to me that the rationale was clearly stated in GP:
> resulting in missing upstream features and decreased security
I.e. it's a matter of technical superiority, which, to me, how the decisions should be made. Not by having friends in the community and all of us being Europeans and so on. (But, of course, I would be glad to hear more particular details/examples of Forgejo lagging behind.)
You should simply compare release notes over the same time period for both projects, what's been done and how much. There's lots of nonsense repeated on this site and others, just do the research yourself, it won't take long. They both have very predictable release schedules.
We've stuck with Gitea, after not being impressed by the extremely FUDish behavior of the main driver of the fork, and this has proven to be the right choice so far. In spite of what some people claim, all of the major contributors to Gitea have continued developing it, none of the "heavy hitters" have left. It shows.
The database can be downgraded anyway. I've been doing backwards migrations for each new version all the way back to 1.22 (which is the last Gitea version that is "side-gradable" to Forgejo).
i dont get this blindspot by lots of developers parroting this uber technocratic nonsense.
There's no such thing as some apolitical, objectively best approach to a technical problem. Instead of arguing about specific merits about specific issues people throw out this big wide handwave about how "idea X is simply technically the wrong choice", as if this is a legit position to have.
Take a philosophy course for god's sake before you engineer us all to death.
I used to self-host Gogs on an RPi half a decade ago. At least for the needs of 1-2 people, it was one of the best pieces of software I ever used. If someone needs to host their repos privately, Gogs is more than enough.
I used Gitea for a while. I eventually switched to gitolite and CGit primarily because Gitea (and Forgejo) force you into a flat organization/project structure. This makes organizing personal projects harder because:
1. you need to create an organization for each group (lang, tools, template, etc.)
2. you can't create more complex organization structure (e.g. template/python/python-flask-template)
3. you can't group projects with different top-level names (e.g. apps, tools, lang; such as lang/java and tools/gradle) or across a top-level name (e.g. by programming language such as lang/typescript and lang/python)
Not sure if it's mentioned because I didn't read the whole thing but maybe it's good to know for those of you not familiar with Dutch government that most open source code (and possibly even private code) from all Dutch government orgs is currently hosted on private/public GitHub repositories.
If they move to self hosted Forgejo (which I assume this meeting is all about) Microsoft is going to lose a pretty big customer.
And yes, (good) CI is still is a big blocker to move to Forgejo for any org (or self hosting). Hope they can speed things up a bit there now they now a gov org is seriously interested.
After having worked extensively with both I still feel that Gitlab CI is miles better than GH actions. I'm a bit stunned that forgejo aims to reimplement GH actions..
They're aiming at making it near effortless to migrate off GitHub, and 99% of all GitHub users are using Actions... so there's that.
But yes, they also should work on making it super easy to integrate best of breed OSS CI/CD with their SCM and turn Actions off. If they manage that they are on their way making a product which blows GitHub and Gitlab right out of the water. Because while Gitlab allows to integrate third party CI/CD it really feels clunky. (at least at the time I've used it professionally)
Forgejo’s agent is brilliant to be honest. It’s a very well contained service, written in Go and builds in practically anything. Even before it was supported, I was able to setup a couple of my old Macs to become agents for building iOS apps… my very own “Xcode Cloud” from the back the office.
A lot of the government are using public free accounts that I'm aware of.
I'm a 5+ year government employee, I touched quite some governmental repositories but all are non-paid.
I'm also a fan of the government hosting the code in an EU jurisdiction, preferably our own Dutch jurisdiction, and even better, self host.
If, like me, you are part of the 99% unfamiliar w/ OSPO et al: https://interoperable-europe.ec.europa.eu/collection/open-so...
Good to see forgejo making inroads as someone who also self-hosts it.
the note is written in Typst!
this using the flow [1] package
[1] https://typst.app/universe/package/flow/
This is brilliant, especially if this kind of approach was adopted in policy development. Chunks of vetted “code” that is transparently shared and can be used by other governments facing similar challenges…imagine…
I really really want the US legal process to abandon a certain style of incredibly cryptic bill, which contains hundreds of "the word foo shall be inserted in between teh words"-style changes.
It often seems like a trick to make is so that nobody really knows what they're voting on, as opposed to a wholesale "replace that entire section with the readable information below". I suppose, to be charitable, it may have originated as a conflict-avoidance strategy.
Ideally, bills would be changesets that can easily be turned into before-vs-after comparisons for legislators to review and approve.
Indeed. Very refreshing to see this approach. Also, Forgejo is a brilliant choice, I hope the talks continue.
It's a shame that oliverpool uses the language of "open source software", especially given that forgejo has a Free license.
Words matter, and this would've been a great opportunity to raise awareness to the problem of oppressive software. I think these days most people have an intuition that this is happening.