This is a reboot of this thread which I started last night on the mailing list, before realizing (with the benefit of input on IRC) that it may be better off on the forum. Quoting my initial post, with minor edits -
Hello.
I’m sharing (and voicing my support for) a suggestion made by Simon Poole on IRC - that the OSMF set up its own Forgejo or GitLab Community Edition instance. Such an instance could use existing OpenStreetMap accounts for authentication, reducing friction for OpenStreetMap contributors. Critical OpenStreetMap software projects, including editors, presets, etc could be encouraged to leave GitHub and move there.
Why?
Currently, the proprietary code-hosting platform GitHub has the dubious distinction of hosting the majority of OpenStreetMap-related software projects.
There are many issues with this situation -
A growing number of potential contributors refuse to use proprietary platforms on principle. These contributors are naturally excluded from contributing to OpenStreetMap software projects hosted on GitHub. (Contributing via email is possible, but a terrible downgrade in UX, more so when you consider that platforms like GitLab and Forgejo exist.)
GitHub violates copyright and free software license terms - free software hosted on GitHub is used to train its Copilot tool, which can reproduce the code verbatim in legally-significant quantities, without regard for reproducing the attribution statement (e.g. for MIT and similar licenses) or copyleft clauses (e.g. GPL).
Proprietary platforms such as GitHub have a history of tracking users.
User content (such as comments) on proprietary platforms is being used to train LLMs without the users’ informed consent. If GitHub is not doing this already, we can expect it to happen soon.
Proprietary platforms have been used in the past to inject adware and malware into software installer downloads - see SourceForge - Wikipedia . The same could happen again, if it is not happening already.
Platform lock-in. The more non-standard and GitHub-exclusive features a project depends on, the harder it is to migrate away from it when the time comes.
GitHub can delete repositories without the consent of the repository owner(s).
Other alternatives to GitHub
Codeberg is a Forgejo instance that is gaining popularity among people fleeing GitHub. It includes CI/CD and static web hosting.
Radicle allows hosting Git repositories, issues, pull requests, and other repository metadata in a peer-to-peer and offline-first way. However, it is in early stages and may not currently be suitable for large projects.
Gitlab.com is a service commonly suggested as an alternative. However, I do not recommend it because of its use of CloudFlare to - there are really no better words for it - harass, frustrate, and outright block Tor users.
Concerns about migration
I have urged several OpenStreetMap projects time and again to move away from GitHub to one of the numerous alternatives. The following objections are frequently raised -
Ease of authentication - because “everyone” has a GitHub account, it is allegedly easier to access. Thus, projects moving away from GitHub are supposedly at risk of receiving fewer contributions.
As mentioned, a self-hosted Forgejo or GitLab instance would fix this by providing SSO using contributors’ OpenStreetMap accounts.
That said, I’m not convinced that ease of authentication is really an issue in practice, for three reasons - one, most forges (including Codeberg) support SSO with popular services, including GitHub. Two, setting up a new account takes two minutes and is no obstacle to someone who wishes to contribute. Three, Codeberg is fast growing in popularity and quite a few people have an account there already.
The work involved in migrating CI/CD actions to a new platform.
I would hope the problems with GitHub are more than justification enough for this. Furthermore, switching to a free software CI platform would be a one-time cost which makes future migrations to other forges easier.
Future-proofing - some contributors have great faith in the longevity of platforms run by private companies, and community-run platforms are seen as a downgrade in that regard.
Conclusion
I ask the OSMF and the OWG to consider Simon’s proposal. In doing so, OpenStreetMap would -
Offer a unified, trustworthy, and independent platform for software collaboration.
Join the ranks of projects like Debian, which host a forge for their communities. The Debian project operates Salsa, a GitLab instance for hosting Debian-related repositories.
Continue its own precedent of providing services for the benefit of the OpenStreetMap community. An example is the BigBlueButton instance, which is used not just for OSMF meetings but also for e.g. online OSM editing workshops.
Support its own culture of free software, extend it to source code collaboration services, and encourage projects to choose freer alternatives for hosting.
I and other members of the free software community would be happy to assist with the migration.
For whatever good it does, I’ll also quote one of my responses to that thread -
Let me address this very early on for everyone’s benefit, so this conversation stays on the right track - there’s nothing quite so infuriating as someone dismissing or minimizing one’s concerns as “philosophical” or (another popular term) “ideological”.
If anyone does not see the issues I’ve listed as important, it reveals their complacency, short-sightedness, and ignorance of history. Such persons should refrain from erasing others’ concerns by calling them “philosophical” or “ideological” on account of their own limitations - such an attitude is not conducive to constructive discussion.