by swagonomixxx 1454 days ago
Just had this thought: are there any decentralized code hosting services?

To me, I don't really see a difference between GitHub and sr.ht. Companies can start out with these "friendly" attitudes towards FOSS, but when they reel in many paying customers, they can pretty easily, and without consequence, change their policies to be more aggressive (geared towards profit) and greedy. It just seems inevitable to me.

However, decentralized hosting and governance might make it so that there can't be a hostile takeover and incorrect (relative to license) usage of FOSS code. I'm thinking something akin to IPFS but more specialized towards e.g git repository hosting.

Not sure how such hosting would be feasible in terms of breaking even between hosting costs, but a decentralized service hosting distributed VCS databases seems more along the lines of the philosophy of DVCS's in general. DVCS's in general do not have timeliness requirements (i.e your "git push" most of the time doesn't have to propagate worldwide immediately) and the other goodies that come with being on GitHub (e.g CI/CD) seem orthogonal to the actual code hosting itself, and I don't see why that can't be built separately without being part of the service.

12 comments

Founder of sr.ht here. I understand these fears, and I have gone to great lengths to give users tangible assurances in this regard. Trust is something that has to be earned, and it is incredibly important to me that we are worthy of yours.

For a start, the company is bootstrapped and we have no private investors. The revenue to maintain the platform comes directly from users, and all users are expected to pay if they have the means for this reason. We are accountable only to them and we do not have to find "creative" ways to monetize them (or their work) because they are already footing the bill themselves. Every cent paid by users stays in open source, either supporting the platform or the dozens of projects our engineers maintain or contribute to in the FOSS ecosystem.

We also seek to be as transparent as possible. Our financial reports, monitoring system & alarms, security reporting, operational documentation, backups, and so on, are all publicly available. We have hard data that you can use to understand our platform's sustainability, security, performance, uptime, and more.

And, unlike GitHub (and GitLab), SourceHut is 100% bona-fide free software, mostly AGPL. You can run it on your own servers, and we make it easy to import and export your data, in standard, interoperable formats that you can use to move between instances or even between software stacks, such as GNU Mailman or other solutions. SourceHut is also not an ivory tower -- we elevate our users to peers, and many parts of our system are officially maintained by independent volunteers.

I work really hard for our users' trust and I'm proud to know that I have it. If anyone has questions or concerns, I'm always prepared to listen to them and do what it takes to make sure our users are confident in the platform. FOSS is my life's passion and I am committed to doing it right.

HN believes this comment is spam and I cannot reply to it:

https://news.ycombinator.com/item?id=31963630

So I'll reply here instead.

> This is somewhat off topic, but I'm wondering if you've considered offering a pre-paid lifetime plan. sr.ht looks great, and I've considered moving my project over from github, but the thing holding me back is that I don't want the obligation to maintain a subscription into perpetuity. Github's killer feature isn't that it's free, but rather, that I can get hit by a bus (or just become busy with other things in life), and my project will remain hosted indefinitely.

There are currently minimal penalties for non-payment, and in the future, they will remain conservative. We will place your account into a read-only mode after a grace period, but will not remove data without consulting you first. We are people first, free software second, and a business third. We would be honored to set profit aside in the interest of maintaining our users' legacies after they're gone.

Thanks for the reply. I guess the combination of a new account, a link, and talk about plans and payments was enough to set off HN's spam filter.
You're doing such a great job that I subscribed for a year even though I had no need for the service at the time. I just wanted to financially support what I see as a really inspiring project. Not to mention that it is an objectively good product.

I will likely buy another subscription (and actually use it) at some point in the future but until then I'll be recommending sr.ht to anyone in need of a lightweight and open development platform.

Keep up the good work!

Thank you :)
This is somewhat off topic, but I'm wondering if you've considered offering a pre-paid lifetime plan. sr.ht looks great, and I've considered moving my project over from github, but the thing holding me back is that I don't want the obligation to maintain a subscription into perpetuity. Github's killer feature isn't that it's free, but rather, that I can get hit by a bus (or just become busy with other things in life), and my project will remain hosted indefinitely.
What if I wanted to try this out?

In the sense that at the moment I don’t pay for Github and my projects remain there hosted for free.

What would happen in sr.ht if for whatever event I stopped paying for the service?

Right now, there are no consequences for non-payment. In the future, your account may be put into a read-only mode following a grace period. Your projects won't disappear overnight.
I always got the impression that sr.ht was not intended to be social software, but simply a git frontend.

To me, this makes it unsuitable as a frontend for community-focused projects that cater to involving and attracting strangers, and much more something for single-committer repos.

Ultimately, building large software ends up being a team sport, and I never got the impression that your product had the express goal of facilitating (and causing) collaboration; in fact quite the opposite: that those are explicitly out of scope for the project.

SourceHut is designed to facilitate collaboration, of course, but it's done differently from platforms like GitHub and those that seek to emulate it. And of course it is more than a git frontend, providing tools specifically to facilitate collaboration such as mailing lists and bug trackers. SourceHut is an engineering tool, not a social network. It is designed to get your work done and then get out of your way.

GitHub is explicitly designed like a social network, and this is a design that we reject. Counting stars and scrolling through feeds is a distraction from getting work done, not to mention an unhealthy relationship to have with your work. Popularity is not a metric we think that people should be optimizing for, or one that can even be effectively measured.

So our design deliberately skews away from what we think of as "dopamine dispensers" and instead focuses on getting the work done. We make it easy to onboard new collaborators by skipping the account requirement to send patches or file tickets. The UI is simple and accessible for users with any accessibility needs, and free of distractions. Colors are used deliberately to attract your eye to the action items on each page, not to dazzle you with information overload. These are the kinds of motivations which guide the design of the platform.

For the social aspect, we encourage you to branch out. Talk about your project on Hacker News. Maintain a fediverse presence. Put up a marketing page and documentation on SourceHut pages. Cultivate welcoming mailing lists. There are many ways to crack an egg.

> So our design deliberately skews away from what we think of as "dopamine dispensers" and instead focuses on getting the work done.

What about the case where getting the work done involves doubling the number of people involved in the project, and not a single line of code?

Nobody's on the fediverse, and email is not taken seriously by most modern developers. These interactions still happen on the web.

Hundreds of thousands of people are on the fediverse, and many large projects use email every day for their work - Linux, GNU, Postgres, Debian, etc. It might not be for you, but it works for many people.
I don’t think your first assertion is true. Hundreds of thousands of accounts have been created. I think the DAU is in the low thousands.

It’s the only social media I use, and it’s a ghost town. We have to live in the world that is, not the one we wish were.

I used to have a Twitter follower count on my niche little tech/privacy account that is higher than the DAU count of the entire fediverse.

You can automatically send these patch e-mails with "git send-email" command. So there's no friction involved. It only works differently.

Moreover your mailing list can facilitate discussion, so nothing is lost.

Git itself is decentralized. It is entirely agnostic from a centralized/decentralized point of view. We tend to centralize things to make life easier. Who wants to pull updates from each contributor as opposed to a hub?

So the real question is — what features of GitHub would you like to see decentralized? CI? Issues? Wikis? Because, you can self host many of these with gitea, GitLab, or sr.ht. That’s the best kind of decentralization, but it does add to your own personal overhead (maintenance, backups), and really limits discovery.

I think what you might be asking for is if there is a federated code repository that supports git. That’s an interesting question, and I don’t know if such a thing yet exists.

> I think what you might be asking for is if there is a federated code repository that supports git. That’s an interesting question, and I don’t know if such a thing yet exists.

Sourcehut itself is fully federated if you are willing to learn email workflow. You don't need to register an account anywhere to collaborate on sourcehut. That includes feature requests, bug reports, discussions, submitting patches and even pull requests from any public repository anywhere [1]. The discussions also exist on mailing list archives and personal mailboxes. They are not lost even if you decide to change host.

But developers are extremely resistant to email workflows. When I suggest it, people react as if I am suggesting black magic. But in my experience, email workflow isn't that unpleasant. Most of the problems with email workflow are due to poor email clients (issues with plain text, composing, rendering and threaded displays). Setting up git and a good but simple email client for git is not a hard task. The rest of the workflow is actually very pleasant.

[1] https://git-scm.com/docs/git-request-pull

- Code review aka pull requests.

- Issues.

- CI.

- "Home page" with the readme.md rendered.

Easy discoverability is a large concern. Easy discussion with fast round-trips and a trail is important (email or NNTP can help here though). CI is a thing that may need a serious effort to get running smoothly.

These things are centralized because it's easy to implement them once in one place instead of reinventing. But if there'd be an obvious and bullet-proof way to have them replicated (like in Fossil), the need for strict centralization would wane.

Discoverability would still be an issue though. It's like torrents: completely decentralized, but without a directory like TPB it's really hard to find them.

Is it possible to decentralize "I know about package X -> Find Package X online -> Git Clone"?

While keeping the property of very high availability? And making it convenient.

I think the first two steps could be covered by a source search engine that spans different repository providers, and includes self-hosted git instances.

That source search engine will probably be centralized, although if we are just searching names and descriptions (and not code) the engine could be a fairly small .zip file that anyone can install. So comes down to "passing around lists".

That’s the idea with pkg.go, npm, pypi, CRAN, (CPAN?!?), etc… discovery of packages. I think each of these has a wider record for the package showing where individual code repositories are hosted. But I wouldn’t necessarily call them “convenient.”

But that isn’t helpful for cross-language searching, or a code search engine (which I think is a great idea).

> To me, I don't really see a difference between GitHub and sr.ht. Companies can start out with these "friendly" attitudes towards FOSS, but when they reel in many paying customers, they can pretty easily, and without consequence, change their policies to be more aggressive (geared towards profit) and greedy. It just seems inevitable to me.

But with sourcehut you can just host it yourself or find someone else who hosts that as everything is FOSS.

If you don't want to use the built-in CI, wiki and issue tracker, then Git is already decentralized. You can push and pull easily from and to multiple sources. Git is already built for that exact use case.

> If you don't want to use the built-in CI, wiki and issue tracker, then Git is already decentralized. You can push and pull easily from and to multiple sources. Git is already built for that exact use case.

Git is a great protocol. You can pull/push to HTTPS servers, SSH servers, even directories (so via NFS if you so wish). Really, Git is really awesome in that way.

But Git itself is not a "code hosting service" that parent asked for. That requires more. Something like Fossil SCM would probably fit better, or git-ssb as I mentioned in another comment here.

I don’t know Drew DeVault personally, but I feel from his blog that he’s fairly transparent and not interested in attempting to squeeze out every possible cent of profit from sourcehut. I may be proven wrong in the future, but for now I’m happy with the service and hopeful that it will remain affordable, friendly, and fast.
I think there is a 10 year "we can have nice things" expiry date on stuff like this. Think Google / Github / Facebook etc.

After 10 years, the thing dies, or grows so big it becomes a corporation, run by suits, hungry for new revenue. There are probably exceptions (HN is one, as it is more of a well kept and groomed "pet" than a business in itself. Meant in a nice way as I love pets).

Death is an interesting one. Reading that Prince's estate is trying to color troll [1], means that regardless of what Prince wanted (not sure what he wanted either way), some other heads with different ethics can take over and do something different from the ethos you thought you were buying into.

[1] https://news.ycombinator.com/item?id=31925423

HN is maintained at least in part to promote YC startups and the reputation of YC itself. The monetization is indirect. (Maybe some posts are sponsored? I would be mildly surprised.)

This suggests the incentives for YC are more aligned to users’ goals than, say, Reddit.

git-ssb is really nice for decentralized hosting between friends. Uses Secure Scuttlebutt (https://scuttlebutt.nz/) and I've used it for over a year to collaborate on projects with people over ssb.

I'm a bit scared of putting this link here, as the gateway is not super reliable, so I'll ask people who are curious, to get ssb running locally and pull down the data if they want to look into it deeper.

But regardless, here is the link for the curious minds who can't wait, it's the repository for git-ssb itself: https://git.scuttlebot.io/%254Dsh92G6zkkLnR3%2Fys%2Fv42MD0jK...

If you get server errors, jump on ssb yourself, or wait some seconds/minutes and refresh. Be kind to the poor server.

> I don't really see a difference between GitHub and sr.ht. Companies can start out with these "friendly" attitudes towards FOSS

You are really comparing DeVault with, of all companies, microsoft?

I don't know the backstory with the sr.ht founder or anything, but I think there is a difference. GitHub always started out as a for-profit company, albeit targeting the market of FOSS developers/communities, and had a closed-source product sold for on-prem use. Sourcehut is itself FOSS software from the beginning and has its own developer community, so it is a little different.
sr.ht is the vision of one extremely stubborn man who loves free software. I wouldn’t host my material there, but if your worry is that he’ll go corporate, you’re probably pretty safe.
> I wouldn’t host my material there

Why?

Not OP but IMO the UX is really bad. It's removed almost everything that github/gitlab popularized for a plain, unstyled, email driven workflow. HN often states that git is too complex for most users and source hut pushes that to the extremes by using all the internal concepts and terminology in the UI rather than the more modern and understandable names.
I wouldn't want to use any decentralized system for code if there's no discovery, code search, cross instance logins, AND BACKUPS.

It'd suck to end up in a situation like you see with torrents, where there are tons of references, but no access to the data.

I can imagine tons of useful code being lost over time that way.

Git is great because every clone is a backup: if you want public backups, push to multiple upstreams (or set up mirroring): e.g. sr.ht, self-hosted gitea on AWS and self-hosted gitolite on Hetzner

Radicle is a decentralised Github alternative to the point it does not have any centralised servers. However, because of "web3" many people here on HackerNews might not take it seriously, even though it might deserve a closer look.

https://radicle.xyz/

It's not that we don't take it seriously, it's what we condone. Web3 is a scam and destroys the environment.
Yes.

Moving to Radicle would completely eliminate the issues the maintainers had.

Moving to another provider seems like they're just "hoping" for the best.

As long as it's P2P without involving any cryptocurrencies, I don't see why you'd label it "Web3"?

Edit: seems Ethereum is an opt-in optional part of Radicle, so I see how people could believe it to be a part of the whole "Web3" effort.

Well, as long as I can run it without Ethereum, I'm happy.

It literally says Web3 on the second heading of the landing page.
As my edit mentions, seems at least that part is opt-in rather than a core of the protocol. So you can use it without "Web3" if you want.
Web3 is the decentralized web.

Cryptocurrencies are just an extra. No wonder, people here hating on Web3 all the time, if they don't understand that.

...no, the decentralized web is just the web.

Web3 is utterly synonymous with cryptocurrency. Plenty of people here understand what it is and what is discussed when the term is brought up.

Crypto hype projects continuously obscure the facts with confusing marketing hype. One thing I couldn't work out from the page is how much it costs to use. It was my understanding that pretty much all web3 projects are hit hard with transaction fees for any change.
Shameless plug: https://staticadventures.netlib.re/blog/decentralized-forge/

I wrote this article about decentralized forging and the different approaches to it, P2P and federated. It's not exactly an in-depth analysis but i believe it's a good high-level overview of the ecosystem which has changed little since then.

Drew Devault is /g/ incarnate. He won't ever do any bullshit to people using the services. If anything he would just as well burn it all to the ground.
Well, there was the Mastodon instance that just disappeared on me one day.

I wasn't paying for it though, or using the account much.

The thing is, I’ve said this about many many people that eventually sold out.

I wouldn’t trust anyone that claimed it, not even myself.

He never claimed it, and never said it - it's just his actions are the actions of a typical /g/ poster. So he is the real deal.