I checked out Forgejo shortly after they forked to potentially replace a Gitlab instance. At the time at least, what I found was they seemed to be spending most of their efforts bickering over a code of conduct and I think they already managed to have a scandal of sorts where they decided to kick someone out for CoC violations. This was before they had even made any real code changes. It really turned me off; I don't want to be dealing with a project that uses a CoC as a weapon. I don't know if the situation has changed or not, but if that kind of thing worries you, then I suggest looking into it before going all-in on Forgejo.
In a similar vein, I'd put in a word of caution against Gitea. The trademarks and domains were transferred to a for-profit entity (Gitea Ltd) against the protests of the community [0], which is the event that prompted the creation of Forgejo in the first place. Now gitea.com is under the control of a different company (CommitGo, Inc), with no explanation given for why this entity was created [1].
Personally, given a choice between a project that enforces a CoC and a project that keeps creating new for-profit entities to hold the community's IP, I'll take the CoC over the concerning corporate structures.
Oh dear. I like Code of Conducts. I put my pronouns on stuff. I moderate a largely LGBTQ community. I am absolutely, 100% in favor of DEI and making sure people in minority groups feel safe and comfortable contributing to the communities I'm in.
And I think those comment edits are a very bad look for the project. I don't know the people involved at all. Maybe the person applying to be a moderator is an angel of a person, and the people opposed to their appointment are awful. I have no idea. But what I saw there was someone raising concerns about a specific person's behavior, and their comments being essentially deleted as ad-hominem attacks. That doesn't sound right to me. The person wasn't saying "you smell funny so I'm ignoring your argument". They were saying "you did some things in a previous role that made me think you're not a good fit for this one". I didn't interpret it as an ad-hominem attack at all.
I hope this is a tempest in a teapot that blows over quickly.
This is interesting. I run a Forgejo instance but if the project is really more of an Ayo.js (over-interested in governance and office politics, under-interested in coding), I would consider Gitea or Gitlab instead. Do you have a source? I can't find anything about this online.
Be warned that Gitea has its own problems—the trademarks and domain were transferred to a for-profit entity (Gitea Ltd. [0]) and gitea.com is now being operated by a different for-profit entity (CommitGo, Inc.). Given that Gitea Ltd. was created specifically to make money to fund the development of Gitea, it's concerning that they already felt the need to obfuscate the situation further with another company, with no real explanation for why. I think the Forgejo developers were correct that the transfer of the IP did not bode well for the future of the open source project.
As for GitLab, I'm concerned by the fact that the company has become weirdly enterprise-y of late. This might not affect the self-hosted version yet, but I wasn't willing to risk it. I ended up going with Forgejo as the option with the least concerning governance structure.
My main problem with GitLab is not only that they have become very enterprise-y, having tons and tons of features to the point that it's impossible to find anything in the left menu. It's that they don't seem very good at it: it seems that every week, another critical security release comes out with a dozen very exploitable CVEs. Makes me feel like they can't write this many features correctly...
Jan 25: CVE-2024-0402 (critical, unprivileged RCE), CVE-2023-6159 (medium, ReDoS), CVE-2023-5933 (medium, CSRF), CVE-2023-5612 (medium, info disclosure), CVE-2024-045 (medium, arbitrary change of ticket assignees)
Jan 11: CVE-2023-7028 (critical, arbitrary account takeover without interaction), CVE-2023-4812 (high, bypass MR approval rules), CVE-2023-5356 (high, privilege escalation from Slack/Mattermost integration), CVE-2023-6955 (medium, run commands in Kubernetes cluster from another subgroup), CVE-2023-2030 (low, commit signature validation issue).
Note that those are all GitLab issues, not issues with Git or SSH that affect the GitLab application. Running a self-hosted GitLab really keeps you on your toes...
This was a year or 2 ago - I didn't save specific links. However, if you're interested, you can poke around in https://codeberg.org/forgejo/meta. Below are two that I just found now that represent the kinds of things I saw at the time that concerned me. There were teams being formed and dissolved and multiple accusations of CoC violations flying around with lengthy, passionate discussions being had on these topics. It gave me a strong vibe of a group of people that was way more concerned with the power and control aspects of a project than the engineering.
There's also the behavior that others have linked in comments here about the fact that they have people designated as "enforcers" who edit/remove content and comments they don't like.
This whole HN story is about Forgejo doing a hard fork and focusing on their own code instead of relying on Gitea, so I don't think calling them under-interested in coding is accurate.
i guess if you think enforcing a code of conduct is a "scandal" and a "weapon" then maybe it's not for you? most people don't get hung up on this stuff though.
I think that bickering over a code of conduct before anyone has even written any code is a potential sign of a project that's not going to be healthy. It's not a guarantee, but it's a big deal to switch to a new system so I wanted to be cautious.
And as for "maybe it's not for you", I agree and that's what I stated. I wanted to bring it to the attention of other potential users who may also feel that it's not for them either.
As someone who’s built a community code of conduct from scratch, you have to discuss what everyone thinks is important to come to consensus. Reducing this critical discourse to “bickering” indicates to me that you’re not the right person to be a part of that process.
I have no interest in being part of that process at all. I'm not sure what the point of your response even is. I was evaluating Forgejo as a potential replacement for my Gitlab instance. What I saw was a very young project that was already completely wrapped around the axle with drama an infighting. I made a decision to pass it by because to me, this represents a high risk of a project that will implode under its own weight. I hope I'm wrong, because I'd like to see some sort of Gogs/Gitea-like project succeed. Years ago I checked out Gogs and it was interesting but not quite ready. More recently I just about pulled the plug on moving to Gitea, but then the mess with ownership happened. Forgejo was announced and so I checked it out, but didn't like what I saw.
You may have a different opinion of the importance of these issues (or disagreement over whether they're issues at all) and I respect that. I'm simply sharing mine.
But the bickering is bad. It's almost always a clique of mostly white, mostly upper middle class, who have a lot of time on their hands and that are more familiar with how to "play" the culture. Whenever I hear about a project with permanent COC bickering and enforcing and blablabla, I just know exactly the demographic that will be part of said project. It cannot be more off-putting for non western devs and contributors if they tried.
This is a very HN-eternally-online position. I've not run into any engineer in the real world who doesn't (even begrudgingly) accept that politics are a thing that are going to happen.
Groups of people are politics. At some point you need to get over it.
Some people rightfully want to see what the engineering effort and roadmap is gonna be before becoming invested in it, since there's always a cost.
Simple aesthetic changes and codes of conduct / political alignment for contributors are not enough for forks to become full things of their own. Even if they can help (branding, community, etc.). Or hurt (Forgejo is harder to pronounce. And CoC have potential downsides, possibly excluding good people, ironically, over banal minutia and hostile environment around being "not hostile" - like you saying he is "hung up" on it...).
Gitea was already a fork of Gogs, so why should contributors use this fork of a fork?
These forks (and direct clones) are like little political secessionary/independence movements, both making lofty statements and splitting would-be contributors. Sometimes it works out very well and they become full independent things of their own (GNU stuff), but it's fair to want to get on to see the actual engineering side of things.
Forgejo forked Gitea IIRC because of problems in the Gitea governance of the Gitea trademark, a limited company was founded by some Gitea contributors, without consent of the larger group of Gitea developers.
So I only find it natural that a group of people who split off of Gitea took extra care to set up some kind of governance model.
Those who dislike the idea of a code of conduct can of course also contribute to Gitea or Gogs, or fork Forgejo, etc. This is free software after all.
With 23 open and 1.381 closed PR forgejo seems like an active project, it's in use at codeberg.org which means it isn't a random fork.
HN is just anti-CoC overall so any project that actually does something with one other than it being a file sitting in the repo gathering dust earns ire.
My understanding of the frustration is Codeberg had over-invested in Woodpecker CI and so were blindsided by the appearance of Gitea Actions runner, that was developed by a core contributor, funded by an external party. In my mind, Forgejo's creation is an overreaction to basically this event.
It's true that Gitea could have had more openness about such forthcoming development, and I think the new company structure for lunny + techknowlogick will really help them with this and being more professional.
Gitea still has all the development resources and the vast bulk of all PRs. They're committed to MIT with no CLA, the lead developers are there, and that really matters.
In comparison, Forgejo to this point has dragged its feet to rebase its few (~100) patches onto each new Gitea release. Most of the changes are simply rebranding, plus some new moderation tools for codeberg. Although codeberg don't even run forgejo directly but yet another downstream fork.
So I think this hardfork will likely spell the end (or: rebirth) of forgejo. They haven't demonstrated much independent development so far. The worry about keeping some MIT independence is I think a sideshow, the latest Gitea is still MIT and with no CLA. So if forgejo may no longer be drop-in compatible, why would you switch to them?
I wish Gitea and Codeberg could be better friends. Gitea has had amazing success this year with adoption by Blender and other large projects.
I think this is a bit misleading. Prior to this, trademarks and domains were held by some of the lead developers. After this, it's the same people. It's not worse.
I wish it were possible to compare user numbers between the 2. That's not everything, of course, but it does say a bit about the long-term viability. That's crucial when there's talk of a hard fork: am I leaving a project with a million active users for one with 7? Or maybe it's the opposite, and I need to get off the sinking ship while they're still compatible?
Not sure about Gitea, but Forgejo is what is being used for Codeberg (and maintained by the same people, maybe?) whereas the voluntary association behind Codeberg (Codeberg e.V.) has at least 429 members (https://blog.codeberg.org/letter-from-codeberg-looking-into-...), so I think it's pretty safe to say Forgejo will be maintained for the time being.
How many of those members are actually capable of maintaining the codebase? How many of them will leave at the first sign of trouble or some petty conflict?
I'm guessing most of them, as the organization is focused around codeberg.org, a git repository hosting service, like GitHub but open source and supported by a non-profit.
It'd be pretty weird for non-software developers to join a non-profit association behind a git forge. And if that wasn't enough, joining the association also requires paying an annual fee.
If the existing leadership disappeared tomorrow though, how many would actually have enough free time and energy to actually continue running the ship? That I'm not sure about, but the capability is there if there is will.
Politically-motivated forks by non-developers have happened in the fast. For example, https://github.com/ayojs/ayo — a fork of node.js, whose only changes were to README.md and CODE_OF_CONDUCT.md, everything else was just copied from Node.
> Politically-motivated forks by non-developers have happened in the fast
Sure, but is that really what Codeberg/Forgejo is? As far as I can tell, the contributors have demonstrated they have technical capability (look at Woodpecker or Codeberg.org itself for examples), so they're not non-developers.
And the fork happened as a way for them to protect codeberg.org, as the main software they were using for codeberg.org seemed to have volatile ownership, so it's a move to avoid any potential issues, not just a "politically-motivated fork", but a "organization survival fork".
As a counter-example, look at iojs, which was also a fork of nodejs, because of disagreement of governance. Eventually, nodejs conceded and eventually the two projects were re-merged with each other, with changes from iojs being accepted into nodejs.
I understand the changes to Gitea pissed the community so much. But at least it appears they are not resorting to a "bait and switch" with the open-source license, and remain committed to retaining the MIT license.
Offering a managed service and paid support seems like a reasonable move to me, and would certainly benefit many small and medium organizations. The profit gained from business could also provide funding for contributors and maintainers.
I like the approach of taking money from corpos to make FOSS stronger. Hard-forking an already MIT licensed project for just another one is really bad for both side.
Gitea + Drone has been a great combination. I have a somewhat complex project with CI pipelines running on x86/arm64 Linux and x86 Windows and from time to time considered switching to Forgejo + actions or Forgejo + Woodpecker CI but they don't seem to support Windows runners or offer anything worth the hassle really.
The most fascinating part of this post to me is that even after reading the pronunciation key [1] I still don't feel confident that I'm saying the product name correctly. It makes me reflect on how English-centric the web still is even in 2024, and it makes me wonder if non-native English speakers have similar hang ups with other popular apps/companies.
> makes me wonder if non-native English speakers have similar hang ups with other popular apps/companies
As a non-native English speaker, I can confirm that you are right. This happens all the time. I used to pronounce "Cache" as "kay-sh" for a decade or so (sometimes I still do)
But the product name isn't English, it's Esperanto. Most native English speakers won't have a clue how to pronounce it correctly, since /j/ in English is always produced like the "dg" in "edge", while in many European languages (including Esperanto) /j/ sounds like "y".
I only know how to pronounce it because I speak Esperanto. forĝejo is pronounced "forge" like the English word) + "ayo" (like the "ai" in "aim", plus the "yo" in "yo what's up".)
WhatsApp is notoriously bad at this, the pronunciation is not very obvious if you don't speak English. I've definitely heard non-English speakers pronouncing it with more of an a sound, like in farm.
That's hilarious, I didn't even realize it was a clickable link! Well, file formats aside, props to the team for including an audio recording of how to pronounce it.
> It will remain possible to upgrade from the latest Gitea version released at the time of the hard fork, but versions past that will not have such a guarantee.
I recently did try to upgrade my Gitea instance to Forgejo but it wasn't a success. I've ended with just hard re-import of the repos, of which the hardest part was manually clicking all 'orphaned' repos.
Can't say anything (good or bad) yet of this whole situation, but Forgejo has a chance to be a bit better product... while it have the manpower and funds.
ATM there is virtually no difference between them if you are interested in the basics.
Mirroring was working fine in Gitea, no reason it would be broken in Forgejo.
The whole ordeal reminds me of OwnCloud/NextCloud split: both are fine if you need the basics, OC is on the negative list for paywalling the already existing functionality, NC tries too hard to be Nero Burning ROM of webapps; both are shit nowadays.
I didn't like how the takeover of G. went, so when I had the opportunity, I tried to migrate to F.
It's Esperanto, minus the diacritic on the "g" -- the word is forĝejo, meaning a place where things are forged (metalworking, not false documents). It's basically pronounced like the English word "forge" then "eh" then "yo".
Quite a lot of things are named in Esperanto like the cryptocoin Monero (coin), the watch brand Movado (movement), the last name of George Soros (will-soar, I'm not joking; his Esperantist father literally changed his family name to that)
I remember when that one was what a lot of people were looking into, before the Gitea fork happened. It's odd to see how this has happened yet again, but I guess is a good thing that it's even possible in the first place, if there are indeed differing values and goals?
Hate to be that guy who "ignores" the huge amount of effort and people's free time just to "bitch" about the name, but...
the name is horrible and that has real impact because people can't pronounce it, don't like it and forget about it. So the project will have low adoption and sooner or later will be abandoned. Name is only a factor, but IS a factor.
The devs don't owe anything, I'm just asking for a consideration.
That would be more compelling if their entire site and documentation wasn't in english, and if the word in question hadn't been pulled from esperanto, which I can safely say rather fewer people have ever used.
If people find the name irritating enough that they don't want to use the project, they perhaps wouldn't be “good” users of the project anyway.
If you _really_ find the name problematical, fork it and rename it yourself. Though accept that you will be volunteering yourself for some admin and comms burden if anyone else uses your fork.
My main point is that choosing about a name you aren't sure how to pronounce isn't a real critique. If such a name is going to put someone off, did they care about the project in the first place or are they just looking for something to complain about? I shouldn't have muddled the waters with the fork comment.
I can understand complaints about conflicting names, blatantly offensive names, and so forth, but names that could be pronounced more than one way? Nope.
