Sad day for Open-Source - Github banning devs from US restricted countries

principles

#1

In the past 2 days, the open-source community has seen several reports of individuals being banned with no recourse on Github.

Impacted countries are Crimea, Sudan, Iran, North Korea, Cuba, Syria.

You can read this example story.

Unfortunately the 2 other main hosted alternatives, Gitlab and Bitbucket will likely also be affected: Gitlab is based in the US and while Bitbucket is owned by the Australian company Atlassian, it’s listed on NY stock market and so subject to US trade restrictions.

Beyond hosted, there are self-hosted and decentralized solutions but with significant tradeoffs. I’m aware of the following

For self-hosting we have:

  • Gitlab
  • Gitea

For decentralized

  • Git-SSB based on Secure ScuttleButt
  • Radicle based on IPFS

Vanity imports for our Go repositories
#2

Pando is an up and coming decentralized alternative: https://medium.com/pando-network/pando-b5e1a2af3152


#3

This move don’t make sense, as open-source is open. Anyway, this happens because of USA law. These countries have sanctions with US, and US based companies are obligated to follow this.

This is a good reminder that GitHub is an authority and can choose ban all Status if they wanted to, and using GitHub should be in our wall of shame because is against our principles.


#4

was fortunate not being a North Korean. It was close…


#5

I shudder at the infrastructure changes. I support the move, but when we can afford to get used to the changes as an organization. It will set back any productivity we currently have.

I’ll start looking at the alternatives to weighing options.


#6

Gitea is a pretty nice option. They are a much more feature rich fork of very lightweight Gogs.
I like their features list: https://docs.gitea.io/en-us/comparison/

And there is apparently a Jenkins plugin.

GitLab is a monster.


#7

This doesn’t have to be too complicated - we’d probably start by simply mirroring the code, then expand from there by accepting patches through alternative methods and not being too focused on “procedure”.

Self-hosting is not without its own problems in terms guaranteeing even access - building out resilient infrastructure is no small task. You could say that of any single-point-of-failure way of doing it, be that github or gitea.