Federated software forges with Gitea
Use W3C ActivityPub to federate amond software forges
Gitea is a popular free and open-source software forge, a solution for code hosting, version control (using Git) and featuring other collaborative features like bug tracking, wikis and code review. Unlike proprietary platforms like GitHub, anyone can host the software for themselves and for others - and retain full control and confidentiality over their operations and community. The goal of this project is to implement federation features to Gitea, by implementing among other the W3C ActivityPub standard. This is an important enabler that can be used to implement a distributed search across different software repositories - an important feature for decentralised systems. The project will also make sure to verify the implementation of the federation proposed for Gitea is conformant with the ActivityPub W3C standard as well as the Forgefed models.
- The project's own website: https://gitea.io/
Why does this actually matter to end users?
Visibility of open source software efforts these days is to a significant extent determined by the search ranking of large global brands like Microsoft GitHub, Bitbucket and GitLab - rather than on the direct merits of the project itself or the reputation of the organisation behind it. Mere code hosting started to become overloaded with business and gated social network features, and as a result centralization of FOSS development has become a noteworthy problem. While this at first may not seem like a big deal, this effectively creates an unnecessary systemic dependency, a significant risk for surveillance and a kill switch/choke point.
This is especially important for people working on critical technologies for government, in civil society and in the private sector. The 'private' repositories inside for instance Microsoft GitHub fall directly under programmes like PRISM. Do you really want to expose all the work done by developers of your confidential internal project, including the risk of stylometric analysis? What do you do if the accounts of team members are suspended overnight because some internal algorithm was too trigger-happy - and all of a sudden their work becomes invisible to everyone else, even in a private repo? And what if this happens not to you but on one of the many dependencies in the software supply chain.
Making FOSS hosting itself more robust, federated and decentralised is therefore important - not just to improve the stability of the internet but to restore our sovereignty.
Of course this should be done in a solution agnostic way. The idea of this project is to extend Gitea (an easy to self-host code forge), with ActivityPub support. Other forges are working on similar efforts with support from the Next Generation Internet initiative, e.g. ForgeFed and Forgefriends.
This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.