If your IP (and possible your browser) looks “suspicious” or has been used by other users before, you need to add additional information for registration on gitlab.com, which includes your mobile phone number and possibly credit card information. Since it is not possible to contribute or even report issues on open source projects without doing so, I do not think any open source project should use this service until they change that.
Screenshot: https://i.ibb.co/XsfcfHf/gitlab.png
GitLab used to be awesome when it was the place to go after MS bought out GitHub. They had premium access for all public projects under a FOSS license and top-tier CI. Then as time went on, they began pulling support for various functions in a very Microsoftian EEE sort of way. First requiring credit cards fir new users to access the CI, then taking away the CI almost entirely except for a practically useless monthly allotment, then taking away the premium access for public FOSS licensed projects. If I were migrating today I would not have chosen GitLab, but it is where I settled after leaving GitHub and my projects have grown to depend on GitLab CI even if I’m now forced to run my own runners due to the extreme nerfs they’ve done to the hosted CI. I mirrored OpenRGB to Codeberg, but since the CI pipelines depend on GitLab I don’t see Codeberg becoming the main hub anytime soon unless they can execute GL CI configs. Sad to see how far GitLab has fallen though, it is unrecognizable from what it used to be as far as support for FOSS prohects goes, especially given how GitLab itself started as a FOSS project.
Enshittification, also known as platform decay, is the pattern of decreasing quality of online platforms that act as two-sided markets. - Wikipedia
Maybe it’s time to start listing the enshittification phase of a project on Wikipedia or something.
I stopped since they put a broken cloudflare config in front of it that puts me in an infinite loop so I can’t ever log in
Funny you mentioned it, till very recently they needed validation by android or i-phone app, assuming all linux/FOSS programmers had one.
Beyond that anonymity becomes impossible for phone registrations.
Gitlab is NOT free software, and neither is GitTea, but Forgejo IS
codeberg and git.disroot use Forgejo not gitea
https://codeberg.org/api/swagger
Ohhh… github is just git.microsoft
Gitlab EE is not a free software but gitlab CE is. Gitea is a free software too. However if you want to stay free, you have to self-host your instances. Even if it is forgejo.
A for profit corporation will never produce anything truly free, it is all done in the name of profit
IBM’s systemd Qt Oracle Google Facebook are all multinational corporations.
Nothing BUT free, they are all dictatorships for the people they employ.
I prefer to follow strict definitions when possible. OSI open source definition in this case.
Also I’m not ready to throw away all software that companies you mentioned conributed to. Did you do this?
Also I’m not ready to throw away all software that companies you mentioned conributed to. Did you do this?
If you want to avoid software from Google and Meta, you’ll need to avoid pretty important parts of the Linux kernel as well as pretty much anything that does hashing or compression (given Google’s involvement with WebP and Brotli, and Meta’s involvement with btrfs, zstd, xxhash64, cgroup2, etc)
Not only kernel, but also many widely used libraries. Including compiler runtimes.
till
'til
Stop telling me what to do! You’re not my mom.
Don’t be so sure about that my son
Like others, I had an account before this was implemented. I have a couple projects on there, also mirrored to self hosted gitea. Have had people refuse/unable to contribute to the gitlab project due to the kyc requirement, so I’m thinking I will migrate to codeberg soon.
No worries, gitlab is a trash Ruby on rails app anyway 😹
JK I do love gitlab, sad to see the corporate takeover. What features dont you get with the foss version? Can’t figure it out amongst the marketing cruft. Seems like it would be relatively easy to build another hosted gitlab provider.
So why does gulab need to kyc anyway? And if it’s a legal requirement, won’t GitHub do the same?
Is KYC a thing outside finance?
It will be if digital ID rolls out with CBDCs.
This isn’t KYC, it’s “prove you’re a human”.
Do what should I use?
Drew DeVault created https://sourcehut.org/, which may be worth considering.
Also @thejevans@lemmy.ml
deleted by creator
I have no idea what everyone is on about.
Host your own git repo. It’s trivial and built into git and you make every decision about it from the ground up.
For example you don’t need to worry about registrations or what country it’s hosted in because the country it’s hosted in is your hard drive (or your company’s server rack).
Then use whatever front-end you want and point it at that private repo.
It’s only mildly more fiddly to set up and grant access, but it sure doesn’t ask you for a credit card and it sure doesn’t get scraped to train LLMs (unless you make it internet-facing and don’t protect it).
If you want to stay close to the core experience but still have a decent interface, check out (heh) gitweb and git daemon. Though I wouldn’t mind if gitweb had some of the fancier features, like the “download as zip”/“git clone path/to/branch copy-to-clipboard” buttons.It is not trivial to host a git forge with modern features that allows easy collaboration between anonymous users all over the world.
Git forge?
Just git. Git command line.
It’s about as trivial as setting up an Apache server.
The anonymous users part is maybe two lines in a config file.
The features are almost entirely part of the front-end, which is entirely up to each individual end-user.
Do you have a web server? You’re already 95% of the way there. A workplace was mentioned in other replies, which likely means this infrastructure is already in place.So no PRs. No Issues. No CI/CD. That doesn’t work for 99% of actively developed open source projects with >10 devs
I know project that is developed by 10.00000001 devs
The difficulty of sending patches or reporting issues to the Linux kernel is a feature for them, as it keeps less-experienced devs from wasting maintainer’s time with garbage requests. For most projects it’s a bug.
deleted by creator
Wait. Wtf does it need to be US specifically? So the goverment has full access to the data or what?
Probably so other governments don’t have full access.
Well, EU or some countries like Switzerland dont allow themselves access to the service.
Export controls or legal compliance, most likely. Export controls because the code may be a protected technology, or compliance because the company doesn’t have gdpr or some other legal framework.
In which case, get your code off the net and use Forgejo to get your own instance, same as codeberg. If hosting location is a real issue, bring it home.
deleted by creator
git cloneand say that code is on your computerFor work gitlab is fine, I’m sure your company can get the accounts verified for example. At least it’s not microsoft
What’s your experience like with this? I’m seriously considering Gitlab & Github alternative.
Codeberg the community is very nice with strong focus on the right to privacy and free software, which I feel reflects itself especially in a lot of copylefted projects on the service.
Codeberg the collaboration platform is in my epxerience by the simple fact of critical mass quite a bit less ‘collaborative’ for many projects. There’s a couple projects with tight communities, and a lot of single dev projects with maybe a drive-by PR.
Codeberg the software runs on Gitea (/Forgejo) which is wonderful software - slim, simple enough to get everything done without being in the way.
There’s efforts to open up the gitea/forgejo forges to federation, which would be a very neat way to fix the collaboration issue and is - in my view - the way forward for open, decentralized collaborative software creation. It’s still quite a ways off (especially from bring mature enough to be used day-to-day) but when it gets there platforms like codeberg will be the first to adopt it and to also benefit massively from it.
I don’t use codeberg much, but I have my own instance of Forgejo so I’m using the same software. My experience is that it’s really nice. The feeling is one of having what you need and no bloat.
If you want people to contribute to your project, Github is by far the best. If you’re off Github, it reduces your visibility by a lot.
You can host your project anywhere you want, setup mirroring to github and drop a link in its description. So you’ll have github visibility and won’t depend on github. Addiitional repo backup is a bonus.
100% mirroring is the way to go.
Even just for reporting issues, anyone who is capable of identifying a bug is likely to have a GitHub account. Not so for Gitlab or others.
Then you’ve got seamless integration with Vscode as a bonus, it’s more like why would you not use GitHub unless you have a specific problem with them.
Even just for reporting issues, anyone who is capable of identifying a bug is likely to have a GitHub account. Not so for Gitlab or others.
If you really want to, you can add a “log in with Github” button to your Gitlab server: https://docs.gitlab.com/ee/integration/github.html
I was asked to report bugs by people without github account several times, so you are wrong.
Then you’ve got seamless integration with Vscode as a bonus, it’s more like why would you not use GitHub unless you have a specific problem with them.
Does GitHub still only permit one account? I remember looking into it awhile back and not wanting to get things mixed up between personal/professional arrangements and the one account policy put me off.
Truth
They been doing this for years. Here is a GitLab forum post about it.
As a gitlab user myself, I prefer gitlab over anything else because of their CI/CD. The free compute units run instantly now, no more queues orwaiting. A couple years ago, my pipelines would timeout after 3 hours.
That post is only in regards to the CI feature. But today, even basic registration requires personal identification. You cannot even report bugs on open source projects without
Remember seeing this a while ago. Is this something they’re still doing or did they backpedal?
Edit: Oh wait, it’s affecting OP. I apparently can’t read.
To add a few more details: After trying several times with different IPs and different browsers, I was able to register by providing only a mobile phone number once. Since that still requires personal information, this is still a very questionable process. (not to mention it took me a day to not be asked for a cred card)
Can anyone else confirm this? As a long time user and champion of Gitlab, this is a deal-breaker for me.
Policies like that are almost entirely about minimizing fraud and harassment. It really sucks for people who don’t have mobile phones that support authentication texts or whatever (since, even as you pointed out, the requirement is mostly a phone number) but it also drastically cuts down on fake/harassment accounts.
It’s about data harvesting and selling not safety or any other mentioned.
Gitlab was getting attacked with thousands of spam accounts. Trying to fix the damage almost killed the company
User flagging works too
It’s disgusting.
It should be illegal to require any personal information unless you can prove that it’s literally impossible to provide your service without it, and always illegal to share that information with anyone (but a payment provider exclusively for verification purposes) for any reason.
Even Github does not require any personal information, so there are certainly other ways.
And Github is Microsoft who need those capabilities for basically every other website they sell.
Whereas gitlab is REALLY good software with… a website nobody ever really asked for but that still needs to exist to sell people that software.
This comes up with a lot of services. I think everyone lost their god damned minds when overwatch added phone verification?
Like, I don’t like it. But I have friends who ahve had to deal with harassment campaigns against their products (or persons) and the like and get why you would do what, on the surface, is a pretty trivial ask as a way to remove sock puppets.
what, on the surface, is a pretty trivial ask
I don’t think having my real life phone number tied to a website or game account is a trivial ask. I’d like my data to be private, especially something as real-life and tangible as a fucking phone number. Sure, there are ways around these things, you can get a fake phone number for cheap (or possibly even free), but that’s rather more effort than I’m willing to put in for most things. If I need to enter a phone number to sign up for an account for something, chances are very extremely good I’ll just decide I don’t need the account that badly. I don’t think I’m alone in this.
Except phone number is super cheap.
It is still a monetary investment which is a major deterrent to bad faith accounts. This is why so many live games have a “you need to spend 1 dollar to get into the good queue” model. Shit like Escape from Tarkov where people buy accounts en masse are very much the exception.
But also? The issue is, like with mots things, lower income users. A lot of the cheaper/more affordable “pay as you go” phone plans won’t support the SMS authentication services that these models depend on. Which is why I referenced Overwatch 2 since that was actually a really “good” example of the reasons this is not a good model.
TF2. Even in official competetive mm with phone verification and spending money there are lots of bots.
won’t support the SMS authentication services that these models depend on.
Is it even legal?
There is no one solution that handles everything (or else everyone would just do that). It is always about a mixture of multiple methods.
Is it even legal?
This is the internet. Someone will always claim it is illegal in “Europe”. Nobody will care enough to verify one way or the other. And, regardless of whether it is or is not, companies don’t care because most of those regulations are very toothless either due to bureaucratic inertia or just not giving a fuck.
The fact of the matter is that this is a very common model used by a range of services and it is not going to get challenged any time soon.
I created a GitLab account long before they implemented this, but never used it. Went to post an issue related to self-hosted GitLab on their issue tracker, and it told me my account was banned. I wrote an email to support and they essentially said “an automated system identified your account as a bot and banned you during an account clean up some years ago to cut back on malicious users”. I informed them that this was not at all reasonable, as I’ve never even posted anything on any GitLab account, and that I would be advising my organization to never pay for any GitLab product or service unless legal writes up the contract terms, because I have no faith in them as a vendor.
Seriously, fuck GitLab. And if anyone from that org wants to discuss this with me, they can pipe their email to
/dev/nullTried to register with gitlab three times some months back to file a bug against qemu. It rejected my registration silently every time (as in, it appeared to take it but never sent a confirmation email, not even one that got mistaken for spam). I gave up on filing the bug.
Screenshot: https://removed/XsfcfHf/gitlab.png
For LW users after scumbags used image hosters to spread childprn:
