consider switching off of codeberg #77

Open
opened 8 months ago by tom · 10 comments
tom commented 8 months ago

We should consider switching SpywareWatchdog off of Codeberg taking into account the outcome of Codeberg/Community#423

I suggest waiting until the outcome of that ticket. Could just be an honest mistake but even if it wasn't we need to strongly consider a hosting provider that doesn't just delete our repositories out of nowhere immediately and gives us a reasonable amount of time to resolves issues before it results in a service disruption.

I already mirror this repository on my own server and it can be viewed+cloned from https://www.nuegia.net/mirror/SpywareWatchdog/

We should consider switching SpywareWatchdog off of Codeberg taking into account the outcome of https://codeberg.org/Codeberg/Community/issues/423 I suggest waiting until the outcome of that ticket. Could just be an honest mistake but even if it wasn't we need to strongly consider a hosting provider that doesn't just delete our repositories out of nowhere immediately and gives us a reasonable amount of time to resolves issues before it results in a service disruption. I already mirror this repository on my own server and it can be viewed+cloned from https://www.nuegia.net/mirror/SpywareWatchdog/
Owner

Nice, I already have a backup of the spyware repository. I'll upload it on my gitea instance later today as a mirror. I'm not sure how I think about ditching codeberg though, they seem like good people. I'll have @anonymous give the final word.

Nice, I already have a backup of the spyware repository. I'll upload it on my gitea instance later today as a mirror. I'm not sure how I think about ditching codeberg though, they seem like good people. I'll have @anonymous give the final word.
anonymous was assigned by baobab 8 months ago
baobab added the
question
label 8 months ago
baobab self-assigned this 8 months ago

consider switching off of codeberg

Please.

I'm deleting my account right now

>consider switching off of codeberg Please. I'm deleting my account right now

Hey there,

I am sorry to hear that. If you want to leave Codeberg, you can use Gitea's native migration feature to conveniently transfer your repo content to another server.

Could I ask you to please give us some feedback what makes you want to leave Codeberg? Is it some issue in our communication? What can we change to improve clarity?

If your sole issue is that we cannot tolerate illegal content or you want to stay with the users who demand so, I have to admitt that this platform is apparently not for you. I'd say that it's impossible to create a larger platform with a healthy community without taking a certain responsibility in moderating and responding to user complaints. Please note that we also have users complaining that we do not take content down fast enough or not at all if we do not see a violation in law.

I just want to point out that we still have the non-monitoring policy and will never block legitimate content as long as it complies with our Terms of Service as well as local law.

Writing articles about security including criticism to big companies is absolutely not a matter.

Thank you for participating in our mission so far.

Hey there, I am sorry to hear that. If you want to leave Codeberg, you can use Gitea's native migration feature to conveniently transfer your repo content to another server. Could I ask you to please give us some feedback what makes you want to leave Codeberg? Is it some issue in our communication? What can we change to improve clarity? If your sole issue is that we cannot tolerate illegal content or you want to stay with the users who demand so, I have to admitt that this platform is apparently not for you. I'd say that it's impossible to create a larger platform with a healthy community without taking a certain responsibility in moderating and responding to user complaints. Please note that we also have users complaining that we do not take content down fast enough or not at all if we do not see a violation in law. I just want to point out that we still have the non-monitoring policy and will never block legitimate content as long as it complies with our Terms of Service as well as local law. Writing articles about security including criticism to big companies is absolutely not a matter. Thank you for participating in our mission so far.
Owner

@fnetX, If you want context for what happened, I recommend visiting Codeberg/Community#423 with the #issuecomment-187976 after the 423. Basically, I have 4 issues with codeberg:

A) They killed my repository without any prior notice.
B) They won't give me back the repository unless I change it, and I can't make changes to it because they took my repository.
C) When asked what parts of the repository need to be changed, hw (who I'm pretty sure works for codeberg) evaded the question entirely and accused me of trying to "whitewash." So even if I had access to my repository, I couldn't be sure what changes need to be made.
D) Due to codeberg not confirming what exactly needs to be changed, I also can't upload a new repository even if the changes I proposed were made else it might be taken down again due to missing something.

I couldn't imagine a worse way for codeberg to handle this if their intent was to fix the project in question, and I couldn't imagine a better way for codeberg to handle this if their intent was to censor the project. Either way, I don't think this platform is the best for hosting projects.

@fnetX, If you want context for what happened, I recommend visiting https://codeberg.org/Codeberg/Community/issues/423 with the #issuecomment-187976 after the 423. Basically, I have 4 issues with codeberg: A) They killed my repository without any prior notice. B) They won't give me back the repository unless I change it, and I can't make changes to it because they took my repository. C) When asked what parts of the repository need to be changed, hw (who I'm pretty sure works for codeberg) evaded the question entirely and accused me of trying to "whitewash." So even if I had access to my repository, I couldn't be sure what changes need to be made. D) Due to codeberg not confirming what exactly needs to be changed, I also can't upload a new repository even if the changes I proposed were made else it might be taken down again due to missing something. I couldn't imagine a worse way for codeberg to handle this if their intent was to fix the project in question, and I couldn't imagine a better way for codeberg to handle this if their intent was to censor the project. Either way, I don't think this platform is the best for hosting projects.
Owner

A special note is that I never knew there was illegal content in the cloudflare repository (I mainly used the repository for how to avoid cloudflare and the lecture notes on cloudflare) and was more than willing to remove it when people pointed it out.

Even if it weren't illegal, I wouldn't have wanted to have the list of cloudflare supporters in the first place as I don't like datamining people.

EDIT: Another note is for those reading this and confused, the repo that got taken down was this: https://git.honeypot.im/crimeflare/stop-cloudflare, not the spywarewatchdog repository.

A special note is that I never knew there was illegal content in the cloudflare repository (I mainly used the repository for how to avoid cloudflare and the lecture notes on cloudflare) and was more than willing to remove it when people pointed it out. Even if it weren't illegal, I wouldn't have wanted to have the list of cloudflare supporters in the first place as I don't like datamining people. EDIT: Another note is for those reading this and confused, the repo that got taken down was this: https://git.honeypot.im/crimeflare/stop-cloudflare, not the spywarewatchdog repository.

Hey there,

A) That's a legal matter. It's not always possible to reach out first since clarification might take time etc - but Codeberg needs to remove access to the content immediately.
B) is not a problem, as you mentioned you had a local copy, right?
C) If you upload content, you are responsible for it. Thus, from a legal point of view, you must check what a repo contains. Of course, this is a very strict requirements esp. for big repos you fork somewhere, but you must also understand that Codeberg needs to lock them nevertheless until clarification.
But basically, you were already right: removing the user lists is a good starting point and the issue with faked commit identities did not apply to your repo AFAIK. This is also what I read from hw's quote. We just don't want to give the final okay already as long as we did not check the repo in detail.
D) You can upload the content to a private repo and we can have a look at it.

A special note is that I never knew there was illegal content in the cloudflare repository

It was never claimed that all the fork and copy owners knew about it, but the most active repo did not really solve the matter and all copies were removed. Look, if you have a big software project with many forks and copies, it's simply impossible to start a discussion with all of them. We want to be more transparent about what we do than proprietary git hosting services, but as a project of volunteers it's not possible to drop efficiency to zero and talk to everyone 😢. That's sad, but we had to learn this recently as the platform starts growing and those cases become more frequent.
If we think that an account uploads illegal content on purpose (repeated violation of ToS), it would probably even be disabled.

Even if it weren't illegal, I wouldn't have wanted to have the list of cloudflare supporters in the first place as I don't like datamining people.

👍

Hey there, A) That's a legal matter. It's not always possible to reach out first since clarification might take time etc - but Codeberg needs to remove access to the content immediately. B) is not a problem, as you mentioned you had a local copy, right? C) If you upload content, you are responsible for it. Thus, from a legal point of view, you must check what a repo contains. Of course, this is a very strict requirements esp. for big repos you fork somewhere, but you must also understand that Codeberg needs to lock them nevertheless until clarification. But basically, you were already right: removing the user lists is a good starting point and the issue with faked commit identities did not apply to your repo AFAIK. This is also what I read from hw's quote. We just don't want to give the final okay already as long as we did not check the repo in detail. D) You can upload the content to a private repo and we can have a look at it. > A special note is that I never knew there was illegal content in the cloudflare repository It was never claimed that all the fork and copy owners knew about it, but the most active repo did not really solve the matter and all copies were removed. Look, if you have a big software project with many forks and copies, it's simply impossible to start a discussion with all of them. We want to be more transparent about what we do than proprietary git hosting services, but as a project of volunteers it's not possible to drop efficiency to zero and talk to everyone 😢. That's sad, but we had to learn this recently as the platform starts growing and those cases become more frequent. If we think that an account uploads illegal content on purpose (repeated violation of ToS), it would probably even be disabled. > Even if it weren't illegal, I wouldn't have wanted to have the list of cloudflare supporters in the first place as I don't like datamining people. 👍

I think SpywareWatchdog do not have a problem, cant find "blaming users" and a list of persons or something like this

I think SpywareWatchdog do not have a problem, cant find "blaming users" and a list of persons or something like this
Owner

We will be switching to different Git hosting.

We will be switching to different Git hosting.
anonymous closed this issue 8 months ago
Owner

Probably the best way to go would be to mirror SpywareWatchdog somewhere else (say sourcehut).

That way we can keep the repo here as the main repository and don't have to worry about repositories getting nuked without notice (because we can just switch to the mirror if that happens).

Probably the best way to go would be to mirror SpywareWatchdog somewhere else (say sourcehut). That way we can keep the repo here as the main repository and don't have to worry about repositories getting nuked without notice (because we can just switch to the mirror if that happens).
baobab reopened this issue 5 months ago
baobab added the
critical
label 5 months ago

gitea v1.15.0 will support push mirrors

gitea v1.15.0 will support push mirrors
Sign in to join this conversation.
No Milestone
6 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.