On Sat, 22 Feb 2025 22:35:21 +0900 Maxim Cournoyer <maxim.courno...@gmail.com> wrote:
> [0] https://forge.a-lec.org/ (self-hosted in France by a nonprofit! [1])
> [1] https://www.a-lec.org/

Personally I have a private repository on forge.a-lec.org that I use for Q/A for a project I participate in, and so I push and pull regularly from it, and it has significant downtime (it's subjective but I've seen it down way more than Savannah). So I ping neox each time that happens and he does what needs to be done to bring the service back online (he's involved in maintaining these services).

Since this is operated by volunteers, people can join and help somehow, but not only does it probably require being a member of the association, but as usual it also requires time. International projects already asked for hosting in this infrastructure so it may be possible to join remotely but I didn't try that.

That infrastructure is pretty clean, but more work is needed in this area: it runs on KGPE-D16 (that even runs GNU Boot) on Trisquel, but they didn't manage to disable some forgejo features that they wanted to disable for freedom reasons, so they simply tell people not to use them. I didn't follow all the discussions about that but according to Neox who was involved in it, it's documented in xmpp://comin...@salons.a-lec.org and in various bug reports that are in the forgejo instance of Libre en communs.

The problem is that automatic builds depend on NodeJS and docker, and while there might be ways to work around both they require time and I didn't look into it, and some of the ways to work around them might not be straightforward (for instance docker-registry has no usable authentication / authorization for such use cases, it requires additional software that probably needs to be packaged, all that probably needs to be integrated somehow not to point to docker.io, etc).

I've done work here and there to try to fix the docker issue in a more generic way but it's far from finished. My idea was to first find a way to enable communities to set up their own public docker registry like Fedora does, and then find ways that would work for FSDG distributions to publish their docker containers in either self-hosted repositories and/or in a public one that only accepts FSDG compliant images. All that requires a flexible enough authentication/authorization to work and that is however not packaged nor tested (or documented) in any FSDG distro yet. Making 100% private repositories works fine though, including in Guix.

Once this is taken care of, there remains the fact that the security would be downgraded from GPG to HTTPS, but that is probably not the end of the world and things could probably be worked around if needed with the help of that authentication/authorization, for instance by mirroring docker repositories locally, using self-signed certificates and/or localhost, etc.

Having a less generic solution might be better though, like using 'guix' or 'debootstrap' to build containers within the forgejo, but that also requires volunteers to implement that.

Denis.