26 October 2019 - 7 minute read

Dear GitLab User,

We have launched important updates to our Terms of Service surrounding our use of telemetry services. Starting with GitLab 12.4, existing customers who use our proprietary products (that is, GitLab.com and the Enterprise Edition of our self-managed offerings) may notice additional Javascript snippets that will interact with GitLab and/or third-party SaaS telemetry service (such as Pendo).

For GitLab.com users: as we roll out this update you will be prompted to accept our new Terms of Service. Until the new Terms are accepted access to the web interface and API will be blocked. So, for users who have integrations with our API this will cause a brief pause in service via our API until the terms have been accepted by signing in to the web interface.


So if you develop free (libre) or at the very least open source software, you almost certainly make your code available to the masses by hosting it on a git provider that you either host yourself or is hosted as a service by someone else. The one you'll probably be most familiar with is GitHub. I used to have a GitHub account. I went there because it had the largest community and it would be the easiest for me to contribute to other projects and for others to contribute to mine.

That said, privacy is important, as is trust. You should only use a service you trust not only to respect your privacy, but to also respect free software and the community around it. So when Microsoft - bringer of proprietary death and destruction - acquired GitHub, I and many others immediately packed up our shit and started looking elsewhere.


At the time, many people had been recommending GitLab, so I thought I'd try it as it was similar to GitHub in workflow and I know various FOSS projects use self-hosted instances such as Gnome and Purism. That kept me going fine for quite a long time because it was fine. It had a reasonable privacy policy and wasn't terrible software so I had no reason to go elsewhere.

I backed up all my repositories and deleted my account about 20 minutes after reading the email from GitLab, the start of which is quoted at the top. As with any piece of software, spyware is not to be tolerated under any means, and if it can be avoided then it must be.


One service I'd heard about a while ago was Sourcehut. This was before I was employed so I chose not to create an account as at the time I didn't want to risk reaching the point where my account would no longer function unless I started paying money I didn't have. Now however, I'm on a salary, so Sourcehut became a valid option.

When GitLab announced that everybody should leave their service immediately, the fediverse became very interested in Gitea (which I spent a very long time calling "GitTea"). This was understandable. Gitea has a very similar appearance to GitHub and GitLab and it generally runs well and is easy to self-host. However, it suffers from a "walled-garden" effect in that if everyone had their own instance for their own code, everyone would need a new account for everything someone wants to contribute to, and more accounts means more risk of a breach.

Several services are looking at ForgeFed, which is a project based around creating a means for hosted git instances to federate using ActivityPub, so your account on your personal Gitea instance could be used to contribute to code on other Gitea instances that federate. This sounds great until you learn that not only does git already federate, but it has a whole host of tools within it for doing all of this already, and these tools have existed for nearly 15 years.

So, why use Sourcehut when I can use git's builtin stuff? Because those aren't different things. Unlike GitHub et al where these systems are built into the web UI as distinct components to version control, Sourcehut instead elects to integrate with them. Sourcehut manages mailing lists for you so you can keep everything in one place, and the (very well-made) web UI integrates with the list, allowing you to browse email threads from the web. Issues and PRs are all done through email, meaning you can use Sourcehut almost entirely without a browser.

I haven't had a chance to work with git like this, but I hope to in the future to really get into using git like this. I've become so excited about this workflow in fact that I'm seriously considering putting it forward at work, or at least showcasing it in one of our dev meetings every other week. It's unlikely I could persuade them to implement it at work because not only is all our email there Outlook which doesn't like anything that isn't Microsoft's shitty proprietary not-email protocols, but everyone's email defaults to HTML email and the sheer amount of top posting is terrifying.


As wonderful as all that is, one obstacle I'll have to deal with is Protonmail. Because you can't authenticate to it through a normal client, I'll need to setup something like hydroxide which will act as a bridge to it, at which point I'll be able to use an email client like Thunderbird (which I use at work) or aerc. A tedious extra step, but doable. It will be nice to have my emails in a proper client (ideally in a terminal) rather than a bloated web UI too.

So, all my code is now on my new Sourcehut account which you can find here. This includes all the O source code. Sourcehut doesn't yet offer project groups, so the O repos are prefixed with olang-. I'll make another post once I have things more fully setup and have done a bit with email and git to talk about what it's like and how to work with it.


Internet - Programming - Thoughts


Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public Licence version 3 (AGPLv3).