salsa.debian.org (git.debian.org replacement) going into beta
Nicolas Vigier
boklm at mars-attacks.org
Thu Dec 28 13:01:02 UTC 2017
On Thu, 28 Dec 2017, Paul Sherwood wrote:
> On 2017-12-27 17:38, Nicolas Vigier wrote:
> >On Wed, 27 Dec 2017, Paul Sherwood wrote:
> >>- Github is proprietary, so we can not properly assess what is being
> >>done
> >>to/with the repos, or who is doing it.
> >
> >While there might be other reasons to prefer using services from people
> >who also publish free software, I don't think "properly assessing what
> >is being done to/with the repos" is one of them.
>
> OK, we seem to disagree on this, then.
>
> I see value in establishing that the history of a repo is what it claims to
> be; widespread access to the source of GitLab gives me some (misplaced?)
> comfort, but I may be wrong.
Widespread access to the source of GitLab is nice so that anybody can
use it on their own server and help improve it. But there is no proof
that the same code is being used on gitlab.com, and admins of the
gitlab.com servers would still be able to modify the repositories hosted
on those servers if they wanted. I still think it is unlikely that they
do anything bad with the repositories they are hosting, but it just seems
wrong to imply that because they publish some source code their servers
can be trusted more. But maybe I misunderstood your email and that's
not what you were saying.
More information about the Reproducible-builds
mailing list