humanacollabora/forge_comparison.md

86 lines
14 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[//]: # (** DO NOT EDIT this file directly! ** It is auto-generated. Changes should be made to financial_institutions.sql or gen_forge_table.sh instead.)
# Directory of forges
The following forges have no significant ethical issues:
| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare MitM* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* |
|---|---|---|---|---|---|---|---|
([onion](http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion))|✅|Gitea|n|n|n|n|Focused on human rights|
[git.fsfe.org](https://git.fsfe.org)|✅|Gitea|n|n|n|n|Access intended only for FSFE projects and very small projects; SSH port: 22|
[git.fuwafuwa.moe](https://git.fuwafuwa.moe)([onion](http://git.fwfwqtpi2ofmehzdxe3e2htqfmhwfciwivpnsztv7dvpuamhr72ktlqd.onion))|✅|Gitea 1.13.6|n|n|n|n|SSH port: 22; SSH over Tor [broken](http://git.fwfwqtpi2ofmehzdxe3e2htqfmhwfciwivpnsztv7dvpuamhr72ktlqd.onion/levena/fuwafuwa/issues/1); HTTPS over Tor works|
[dev.sum7.eu](https://dev.sum7.eu)|✅|Gitea 1.14.0[⚠][gitea-bug]|n|n|n|n||
[forge.april.org](https://forge.april.org)|❌|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n|French is the primary language; no registration form; access is for [April](https://www.april.org) members -- but perhaps April membership is open to all?|
[git.disroot.org](https://git.disroot.org)|✅|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n|SSH over Tor works; based in NL|
[git.nixnet.services](https://git.nixnet.services)|❌|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n|formerly git.nixnet.xyz|
[git.nogafam.es](https://git.nogafam.es)([onion](http://git.hsdtecd4h2b5z732pvkg2yw3746epap4qusgvjjze6nhmfcdpz2suiad.onion/))|✅|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n|[SSH disabled](https://git.nogafam.es/deCloudflare/deCloudflare/issues/18#issuecomment-75); large repos are [git-inaccessible over Tor](https://git.nogafam.es/deCloudflare/deCloudflare/issues/18#issuecomment-48); onion site is down|
[git.safemobile.org](https://git.safemobile.org)|✅|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n||
[opendev.org](https://opendev.org)|✅|Gitea 1.15.6[⚠][gitea-bug]|n|n|n|n|SSH port: 22|
[git.pofilo.fr](https://git.pofilo.fr)|❌|Gitea 1.16.1[⚠][gitea-bug]|n|n|n|n|no registration link|
[git.kescher.at](https://git.kescher.at)|✅|Gitea 1.16.5[⚠][gitea-bug]|n|n|n|n||
[git.redxen.eu](https://git.redxen.eu)|❌|Gitea 1.16.5[⚠][gitea-bug]|n|n|n|n||
[git.platypush.tech](https://git.platypush.tech)|✅|Gitea 1.16.8[⚠][gitea-bug]|n|n|n|n||
[git.slipfox.xyz](https://git.slipfox.xyz)|✅|Gitea 1.17.2[⚠][gitea-bug]|n|n|n|n||
[framagit.org](https://framagit.org)|✅|Gitlab (CE 13.10.2)|n|n|n|n|[may become more restricted](https://framablog.org/2019/09/26/lets-de-frama-tify-the-internet) in mid-2021|
[git.jami.net](https://git.jami.net)|✅|Gitlab (CE)|n|n|n|n|possibly restricted to Jami efforts; acces to help page blocked to non-members so CE/EE unknown|
[gitlab.gnome.org](https://gitlab.gnome.org)|✅|Gitlab (CE)|n|n|n|n|possibly restricted to Gnome efforts|
[gitlab.tails.boum.org](https://gitlab.tails.boum.org)|✅|Gitlab (CE)|n|n|n|n|possibly restricted to Tails efforts but no AUP says otherwise|
[gitlab.torproject.org](https://gitlab.torproject.org)|✅|Gitlab (CE)|n|n|n|n|open registration; repo creation possibly restricted; Google reCAPTCHA is [allegedly](https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html) used, but [not at registration time](https://gitlab.onionize.space); its possible to [create an anonymous bug report](https://anonticket.onionize.space)|
[source.small-tech.org](https://source.small-tech.org)|❌|Gitlab (CE)|n|n|n|n||
[notabug.org](https://notabug.org)([onion](http://qs3zumwfci4tntnd.onion))|✅|Gogs|n|n|n|n|based on [liberated](https://notabug.org/hp/gogs) fork of Gogs; [supports Tor](https://notabug.org/tor) (the *onion* web UI is currently disabled in response to attack but the onion site accepts git connections); supports SSH keys and SSH over Tor to NAB's onion service; no e-voting; NAB doesn't associate PGP keys to users, so PGP signed commits may be unavailable or more manual work needed.|
[launchpad.net](https://launchpad.net)|✅|Launchpad|n|n|n|n|It's [unknown](https://wiki.freephile.org/wiki/Comparison_of_git_hosting_options) whether it functions without JavaScript; no wiki|
[gitee.com](https://gitee.com)|✅|OSCHINA|n|n|n|n|based in China; registration over Tor with throwaway email works; no automatic mirror (unlike Gitea); some areas written in simplified chinese|
[code.netlandish.com](https://code.netlandish.com)|❌|Sourcehut|n|n|n|n|Access restricted to staff of the company working on the hosted projects|
[sr.ht](https://sr.ht)|✅|Sourcehut|n|n|n|n|javascript-free; supports patches sent by email; offers an [IRC bouncer](https://sourcehut.org/blog/2021-11-29-announcing-the-chat.sr.ht-public-beta/); recognizes the harm of Cloudflare and takes an [ethical stance against it](https://srht.site/limitations)|
## Graylist
These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. Sites that are dead or previously dead are also graylisted because if they come back online, they are known to be unreliable. Resource deprived instances are graylisted because they may become unstable or unreliable in the future, or if your repo is resource heavy you may be asked to leave. Codeberg is graylisted for falsely accusing a repository of illegal conduct and deleting the content of all forks from that project without evidence or redress.
| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare MitM* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* |
|---|---|---|---|---|---|---|---|
([onion](http://githidep2hynhdmutuv7n2tei4iie2c7lyqz5fes3r5zzoxe5dshtxyd.onion))|❌||n|n|n|n|**dead site**|
[gitea.shuishan.net.cn](https://gitea.shuishan.net.cn)|❌|Gitea|n|n|n|n|**dead site**|
[gitnet.fr](https://gitnet.fr)|✅|Gitea|n|n|n|n|Forge is resource deprived. The admin (simonv) had to ask a project to leave his forge for [performance reasons](https://framagit.org/dCF/deCloudflare/-/issues/46)|
[yerbamate.dev](https://yerbamate.dev)|❌|Gitea|n|n|n|n|**dead site**|
[de.edumat.io](https://de.edumat.io)|❌|Gitea 1.5.2|n|n|n|n|**dead site**; no SSH|
[git.teknik.io](https://git.teknik.io)|❌|Gitea 1.9.0|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)|
[git.openprivacy.ca](https://git.openprivacy.ca)([onion](http://gitopcybr57ris5iuivfz62gdwe2qk5pinnt2wplpwzicaybw73stjqd.onion))|✅|Gitea 1.12.4|n|n|n|n|Tor users get 404 - suspected botnet if visiting the clearnet site from a browser that does not act on the “onion-location” header; [listed](https://framagit.org/dCF/deCloudflare/-/blob/master/cloudflare_users/cloudflare_supporter.md) as a Cloudflare supporter for spontaneously deleting the repo of an anti-Cloudflare project without warning.|
[gitea.it](https://gitea.it)|✅|Gitea 1.12.4|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)|
[git.kiwifarms.net](https://git.kiwifarms.net)|✅|Gitea 1.13.1|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)|
[codeberg.org](https://codeberg.org)|✅|Gitea 1.14 customized[⚠][gitea-bug]|n|n|n|n|Based in Germany; [censored an anti-Cloudflare project](codeberg.md) in a reckless and destructive manner; functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytools/privacytools.io/issues/843#issuecomment-483830547)); devs make [foolish decisions](https://codeberg.org/Codeberg/Community/issues/444) (improving performance by breaking some browsers, when the performance improvement only affects those they broke.)|
[git.sdf.org](https://git.sdf.org)|✅|Gitea 1.14.1[⚠][gitea-bug]|n|n|n|n|git.sdf.org [censored](https://git.sdf.org/deCloudflare/deCloudflare) the deCloudflare project without warning, reason, or recourse. So git.sdf.org apparently unwelcoming of projects driven by privacy, netneutrality, or anti-tech-giant types of activism. Performance is sluggish and the website often times out (perhaps because SDF is also tar-pitting many Tor IPs in defense of attack & its unclear if this is a temporary measure); SSH over Tor broken but HTTPS over Tor works|
[git.passageenseine.fr](https://git.passageenseine.fr)|✅|Gitea 1.14.2[⚠][gitea-bug]|n|n|n|n|Was previously down for a lengthy period thus considered unreliable.|
[git.eta.st](https://git.eta.st)|✅|Gitea 1.15.0[⚠][gitea-bug]|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)|
[git.slashdev.space](https://git.slashdev.space)|❌|Gitea 1.15.4[⚠][gitea-bug]|n|n|n|n|**dead site**; SSH port: 22; SSH over Tor broken (try HTTPS over Tor)|
[try.gitea.io](https://try.gitea.io)|✅|Gitea 1.16.0[⚠][gitea-bug]|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch); Intended only for Gitea experimentation; no expectation of future availability|
[forge.chApril.org](https://forge.chApril.org)|✅|Gitea 1.16.6[⚠][gitea-bug]|n|n|n|n|Censorship: spontaneously deletes peoples repos without warning, reason, or recourse. Forge is unsuitable for activism. French UI.|
[git.exozy.me](https://git.exozy.me)|✅|Gitea 1.18.0[⚠][gitea-bug]|n|n|n|n|silently deletes repos without notice; [supports federated issues](https://social.exozy.me/@ta180m/108631221939677386)|
[git.shivering-isles.com](https://git.shivering-isles.com)|❌|Gitlab (CE)|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch); Registration is open but broken-- requires 2FA using a device that can QR-scan, and the email verification link is DoA: ![](images/shivering-isles_broken_reg.png) That stale link error triggers even when accessed immediately.|
[git.stuxhost.com](https://git.stuxhost.com)|❌|Gitlab (CE)|n|n|n|n|**dead site**; **Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)|
[git.hardenedbsd.org](https://git.hardenedbsd.org)|✅|Gitlab (EE)|n|n|n|?|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch); possibly restricted to BSD efforts|
[mypdns.org](https://mypdns.org)|✅|Gitlab (EE)|n|n|n|?|Previously down-- sudden death of website without warning to repo admins. Came back online months later but peoples accounts and repos were mysteriously gone; Was home of the deCloudflare and /Right to be Offline/ projects; It was open reg but considered a “private system” whereby the option to create a new repo was not immediately available.|
[source.puri.sm](https://source.puri.sm)|✅|Gitlab (EE)|n|n|n|?|open registration but activity is [restricted](https://social.librem.one/@kyle/106030358887310621) to puri.sm efforts; accounts are subject to spontaneous unjustified bans (apparent censorship): ![](images/purism_ban.png); no CAPTCHA (confirmed March 2021); is the JavaScript non-free with the enterprize edition?|
## Blacklist
These forges have severe ethical or trust issues and should be boycotted:
| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare MitM* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* |
|---|---|---|---|---|---|---|---|
github.com|❌ (exclusive walled garden)||y|n|n|☣|**access granted or denied based on national origin**; [copious ethical issues](github.md)|
sourceforge.net|❌ (exclusive walled garden)||n|n|n|☣|**access granted or denied based on national origin**; Important site [functionality does not work without non-free JavaScript](https://www.gnu.org/software/repo-criteria-evaluation.html)|
bitbucket.org|✅|Bitbucket Server|n|n|n|☣|**Amazon AWS-hosted**; needs non-free javascript that [clusterfucks uMatrix](https://github.com/privacytools/privacytools.io/issues/843#issuecomment-483830547); has some relationship with Netlify; access to source code [restricted](https://en.wikipedia.org/wiki/Bitbucket#Bitbucket_Server)|
libregit.org|❌|Gitea|n|y|n|n|reg by invite only|
git.feneas.org|✅|Gitlab (CE)|n|n|⚒|☣|reCAPTCHA impedes registration and imposes non-free s/w|
gitlab.freedesktop.org|✅|Gitlab (CE)|n|n|⚒|☣|possibly restricted to Freedesktop efforts; reg. blocked by reCAPTCHA|
salsa.debian.org|✅|Gitlab (CE)|n|n|⚒|☣|**forced h/reCAPTCHA**; possibly restricted to Debian efforts; serves as an alternative to Debian's email-only bug tracker|
gitlab.com|❌ (exclusive walled garden)|Gitlab (EE)|n|y|⚒|☣|flagship instance running the *Enterprise Edition*; uses both hCAPTCHA & reCAPTCHA; heavily restricted with discriminatory policies; [copious ethical issues](gitlab-dot-com.md)|
⚠ Gitea versions note: Gitea 1.13.8 [breaks][gitea-bug] emoji in some browsers. The developers [believe](https://codeberg.org/Codeberg/Community/issues/444#issuecomment-198199) that by not supplying fonts to the web visitors who need them, they are improving server performance. Of course the server load is only reduced when talking to a browser that does not have the needed fonts. The idiots could also simply arbitrarily deny service to users at random to get a performance increase. Obviously they have misunderstood the point of performance in the first place: availability!
The best Gitea version ATM is 1.13.7 but there are no known instances of this.
[gitea-bug]: https://codeberg.org/Codeberg/Community/issues/444