Loading Stories...
Loading Stories...
GitHub has a number of weird repos from popular projects which are just copies of other repos. You can look, but you can't touch. (WordPress and Linux are the big ones).
It would be brilliant to look at a project in my preferred UI and raise issues / PRs without having to sign up to yet another service.
Very excited to see how this pans out.
I now have the possibility to open PRs and comment on them for a repo that is hosted on another instance. I still have to deal with user permission. Just because others can interact with my GitLab instance and repos I don't necessary want them to see everything. So user permissions is still a thing.
It would just have the time of creating an external user on my instance (or paying premium for them). Buth this could also be archived via OIDC logins of specific allowed accounts.
Am I missing the advantages here?
This sounds like they're trying to make a proprietary GitLab-only alternative to Forgefed. I don't understand who would want this.
Edit:
Ah, this sounds like the opposite: https://gitlab.com/groups/gitlab-org/-/epics/11247#note_1529...
Good!
ActivityPub's open standard is an added bonus. A fediverse for code? Sing me in.
Sure, it's cool I can send a merge request to another server whatever, but... why are we like this
Then collaborating peer forges could clone the info straight from git and submit changes etc. I think git already has all the sharing tools necessary, what is needed is standards and converters.
I'd love to regain the ability to contribute to stuff that is trapped in the Codeberg ice without having to create another account on a service with that sort of ramshackle operating approach.
You mean a standard like activitypub? /s
There is some discussion in there epic tracking the feature - https://gitlab.com/groups/gitlab-org/-/epics/11247
The typical interface for handling merge/pull requests adds so many useful things over just sending a patch - if the project has CI I can immediately see if it even successfully builds before even going into the details of the PR.
Same for reviewing, each comment can be replied to separately or resolved, which serves as a nice TODO list for the original author.
I know there are some things people don't like (I think Linus was pretty vocal about it), but it seems to be they could be easily fixed by modifying the available open-source forges. This proposal here for example fixes the concern about centralisation, so I guess it's a good step forward.
Or maybe I'm just young and like shiny things and will eventually have a spiritual awakening and learn about the virtues of sending in patches via email.
edit - learned about https://forgefed.org/ from a sibling thread, great stuff.
It's not clear about what you're complaining here. What exactly is ridiculous?
This just offers a different channel through which to circulate patches. Unlike email, which requires everyone follow some ad-hoc convention in the email message, with ActivityPub the protocol itself can support structured data about the patch.
(1) It's hard to track the development of a patch in mailing lists unless you actively follow it. Sometimes there will be a v7 patch but it gets buried in the sheer volume of other emails in the list. Sometimes discussions continue in the v6 thread while others occur in v7 so you have to track _both_ threads.
And god forbid people changing subject lines thus breaking the thread.
Meanwhile, discussions in forge workflow tend to be concentrated in the same merge request or issue.
(2) Discovering patches is also a fairly difficult thing to do in mailing lists. The forges include tools like issue trackers and in each issue there is a list of all mentioned merge requests, and the status of those MRs (whether open, closed or merged) are immediately obvious.
(3) I also like labels for similar reasons as (2) - don't get me wrong, I know email subjects often start with "some sort of tag:", but labels are sometimes used to mean "hey, this $MODULE1 code isn't directly related to $MODULE2, but might have some interactions with it so you should take a look". Cc-ing is a manual process which is annoying and like many manual processes is subject to human errors.
(4) Emails rely heavily on conventions, e.g. should people top-post or bottom-post or inline-reply? That introduces a barrier of entry.
As a sidenote, personally I hate that I occasionally have to scroll through long, long, emails that include reply chains from eons ago, but there's nothing email can really do to prevent it from happening. It's conventions all the way down.
It's better to ask "how many projects are stuck to Github exclusively because of collaboration tools, and how many of these would be able to leave Github once more Gitlab/Gitea/Forgejo are able to interoperate? How much of its customer base can Github afford to lose before being forced to give up their monopolistic strategy?"
IIRC Meta now has to implement interoperability with other chat apps like Signal, I wonder if GitHub will have to do the same through AP soon
- "Key server (cryptographic)" https://en.wikipedia.org/wiki/Key_server_(cryptographic)
- W3C DID Decentralized Identifiers (that you can optionally locally generate like pubkey hash account identifiers)
- "Linked Data Signatures for GPG" https://gpg.jsld.org/ ; GPG in (JSON-LD) RDF
- ld-signatures is now W3C vc-data-integrity: "Verifiable Credential Data Integrity 1.0 Securing the Integrity of Verifiable Credential Data" https://www.w3.org/TR/vc-data-integrity/
- An example of GPG signatures on linked data documents: https://gpg.jsld.org/contexts/#GpgSignature2020
- vc-data-integrity specifies how to normalize the document by sorting keys ~ in the JSON before cryptographically signing the transformed, isomorphic graph
- SLSA.dev also specifies signed provenance metadata (optionally with sigstore.dev for centralized release artifact hashes), but not (yet?) with Linked Data
- Blockcerts: blockchain-certificates/cert-verifier-js , https://www.blockcerts.org/guide/ :
> Blockcerts is an open standard for building apps that issue and verify blockchain-based official records. These may include certificates for civic records, academic credentials, professional licenses, workforce development, and more.
> Blockcerts consists of open-source libraries, tools, and mobile apps enabling a decentralized, standards-based, recipient-centric ecosystem, enabling trustless verification through blockchain technologies.
> Blockcerts uses and encourages consolidation on open standards. Blockcerts is committed to self-sovereign identity of all participants, and enabling recipient control of their claims through easy-to-use tools such as the certificate wallet (mobile app). Blockcerts is also committed to availability of credentials, without single points of failure.
- [ ] SCH: link a git commit graph (with GPG signatures) with other linked data of an open source software project; for example (SLSA,) build logs and JSON-LD SBOMs.
- >> Is there an ACME-like thing to verify online identity control like Keybase still does?
I was going to say that Microsoft has no social network, so that this might open them up etc, but then again, there's LinkedIn.
For me as a person who learned programming before the Internet was a thing, and has worked both on projects that do patches by email and on projects that use web-based pull requests, I also prefer the web-based pull requests in every possible way. The email based workflow is baroque, painful both to send and to receive, lacking in features, and error-prone.
The DMA/DSA laws also contain rules for smaller parties (I've been getting tons of ToS update emails mentioning the digital somethings act), but not interoperability
I understand that for some people digging through their email (and mailing lists archives) is fun but this is just a tiny minority.
> Sure, it's cool I can send an email with a patch to another user instantly, but... why are we like this
For email: It’s just there already, like you mention. Once you are setup you can do things like comment on a “line of code” very straightforwardly. It’s already distributed and all that. There are bespoke (project-specific probably) bridges from forges (maybe mostly GitHub) to mailing lists.
For this new thing: You don’t have to worry about all the legacy of email. You don’t have to worry about 90% of the world using email “wrong” according to techies. You can probably track changes more easily than keeping track of where you sent patches. You don’t have to make bespoke forge-to-email bridges.
With such a system, people could also contribute by writing the same emails by hand, as long as the format remains accessible. And no special protocols necessary, all existing mailing list infrastructure can be used instead of designing new complicated ways of doing the same thing.
yeah, but when was the last time any of us did that...?
GitHub had the best moat: network.
But yes, the additions have only deepened it.
So, as a maintainer the purpose of such a request for collaboration (it being a PR or a patch) is to determine if: a) it does what it's expected out of it, b) it matches the conventions of the existing code.
I, personally, can make a judgement about both of things better with a patch that I apply locally than with a PR.
The main issue with PRs (in my opinion) is that they limit severely the context in which the changes are viewed. If I want to properly review a piece of code I have to check it out and follow the diff in its proper context (either while debugging) or even while just reading it.
Source forges, through the PR mechanism, encourage superficial reviews and insufficient attention being given to the merged code.
How come? How is a text .patch file easier in this regard than a UI for essentially that same .patch? Can't you check out the PR in the same way you would 'apply' a patch to review it?
For what it's worth, you can just add .patch onto the end of a github PR URL to get that.
I would add that if you automatize it somehow, then you don't "just use e-mail", but you have a different protocol for it (over email in this case).
A personal todo list system that integrates with your email is also essential. I don't understand how people don't do it. It's all very well forges having status of MRs etc. but surely your job isn't only merging MRs on GitLab? So you'll have other todo lists distributed over various places like other forges, Jira type things and, of course, your email. Why not consolidate all your todos into one place? If you're interested in a patch, add it to your todo list and check the status of it periodically.
Conventions are good. It's part of being human. Learn how to use language to communicate with your fellow humans. It keeps the creative juices flowing.
I'm not opposed to web based git Forges provided they're reasonably responsive and not sluggishly slow like GitLab has become.
I've never used it, or seen it used in the wild, but it always seemed intriguing, and like the obvious approach. The web UI traction is far greater for this to have any serious usage, but I wonder if Git had that ability from the start, if the web UI concept would've taken off as it did.
That's a major understatement. To "just" add this into mainline git, you'd essentially need to either fork git itself in order to add these features or figure a way to add this without making breaking changes, and then convince git maintainers that your PR is worth adding, and then convince enough people to actually use this new standard in place of what they already have (which will also need them to integrate this with their existing forge infrastructure to mitigate XKCD Standards).
FWIW, my git is configured in such a way that pulling from github also pulls all PRs for that repo, so, in effect, all PRs are applied locally, and I can review them however I want.
I do think that email threads (when all parties are disciplined and have them properly configured) are superior to the PR+comments format for discussion, but applying patches from a mailbox has never seemed to me like a pretty and reliable way to go, so at least github helps with that.
At any rate, git sucks for reviews in general because it still lacks mercurial's "mutable-history"/evolve approach to safe and distributed history rewriting (or "diffs of diffs"), and that, to me, is saddening as one more evidence that git's monopoly is causing stagnation and unnecessary pain in this space.
`gh pr checkout NNN` works very well to give a local copy for review, by pulling and checking out the PR branch. There are equivalent commands for gitlab.
Also:
> The main issue with PRs (in my opinion) is that they limit severely the context in which the changes are viewed. If I want to properly review a piece of code I have to check it out and follow the diff in its proper context (either while debugging) or even while just reading it.
Both PRs and emailed patches encourage reading and reviewing just the patch. With emailed patches, you need to prepare a local branch with the patches applied if you want to do the kind of review you describe; with a PR, you need to fetch and checkout the PR branch. I would argue that checking out the latter is substantially easier than the former, especially given the availability of command-line tools like `gh pr checkout`.
* https://lwn.net/Articles/860607/
* https://lwn.net/Articles/952034/
* https://lwn.net/Articles/952146/
* https://lwn.net/Articles/950567/
I can of course do the same with the PR, but then it loses its convenience. :)
Yeah, better tooling like GitLab.
Thank you :-)
I don't see why we should still use email when half of that requires "non-email" tooling then. I like using emails for person-to-person communication, not this.
And what better tooling could it be if not a tool explicitly designed for software development, like GitHub/GitLab/Gitea?
>Conventions are good. It's part of being human.
It definitely won't keep the creative juices flowing when 99% of said conventions can be automated out. Rather, having to do everything manually impedes my ability to work on actual creative things. This paragraph is also semi-contradictory to your earlier paragraphs on tooling.
I am replying to you on HN without manually typing "From:" "To:" because the website has automated that process for us.
Furthermore, you are wholly sidetracking the core issue here which is "How can we enforce conventions?" The more laborious following a convention is, the harder it is to enforce the convention.
The amount of people who have the free time to massage `.muttrc` for patch based flow is pretty small. And https://sr.ht/ does not work for the volume that Linux kernel sees.
> What is really needed, he said, is to find ways to get away from the email patch model, which is not really working anymore. He feels that way now, even though he is "an old-school email person". [0]
Do you also DIY your dishwasher with an assembly line, a rotating robotic arm with a sponge, industrial chemicals? Or do you just use an off the shelf dishwasher if you're at the sufficient scale needed for one?
My advice is to develop your own personal tools in such a way that you can handle all kinds of interactions with other developers and projects. It's pointless saying "I prefer this or that" when you probably don't get to make those decisions. Projects develop workflows and common tooling like forges for practical reasons. But you, as an individual, shouldn't be tied to any one of them.
My point isn't at all about trying to switch projects from forges to email based workflows, it's merely saying that you can do things to improve your tools such that you can interact with those projects. If you find it difficult to work with a successful project with many contributors then you are the problem, not them.
It's just email. And it can do many of the things other forges do. Trigger builds, comment on patches, track issues, etc.
Nothing beats not using email at all.
Fastmail has a good web client though. But what is more important it has aliases and "Masked email". They kind of make you life with email a bit more bearable.
Still - best email is dead email.
(git(1) doesn’t help you with maintaining patch series)
But you gotta do most of the work of lining up what the previous thing was yourself. (Inconvenient if you rebased and can’t seem to find the previous version.)
Good defaults and good UI UX allow you to be done with your work quickly and even with some satisfaction from the process.
Neither applies to email in my opinion.
> is saddening as one more evidence that git's monopoly is causing stagnation and unnecessary pain in this space.
I disagree strongly with this type of sentiment. Mercurial works, mercurial source forges exist. It's entirely possible to use them for development. Complaining about git's success despite that feels a bit disingenuous.
Not at all. A PR still retains all the other useful features like separate threads for comments which be individually marked as done and CI checks. And not all PRs need a local checkout for a review.
It would be better if the user could actually select his tool instead of being forced upon a tool by a project or company. The former used to be the standard with email. Today, I have the impression half of my colleagues never used a mail program that wasn't called Outlook or Gmail. Spoiler alert: Both are abysmal mail readers for the purpose of following and participating in technical discussions. To fix that, they should at least support proper threading and encourage selective inline replies.
Making the tools a user choice over an established protocol/data model creates lots of possibilities to innovate. As long as Outlook-ordering decisions are made at the C* level it will never support software developers properly.
Just look at the hoops you have to go through to send a patch over gmail.
GitHub isn't analogous to a wheel. GitHub is a proprietary service owned by one company. Any patent on the wheel has long expired.
> but that means that the upside of viewing them directly on the source forge is lost, and I might as well have received a patch. :)
I don't follow, github gives it to you both ways, so I don't see the downside here. And on top of that, you can pull comments into your IDE of choice would you need to. I hardly see the problem, I suspect it isn't technical.
> I disagree strongly with this type of sentiment. Mercurial works, mercurial source forges exist.
Your disagreement doesn't align with the reality, unfortunately. Could you name one mercurial forge? They aren't many left anymore, and you have to get out of your way to host your mercurial code somewhere. And while it's hard to name mercurial forge, it's easy to name high profile projects which reluctantly converted to git: python, mozilla, pypy. It only got worse over time, "interestingly", about as fast as git consolidated its monopoly. And that's the main flaw in your point, that success somehow is based on merit alone, with no influence of peer/social pressure/network effect.
FYI, I just submitted this post: https://news.ycombinator.com/item?id=39208464 which is pretty much what remains of hosted mercurial today.
Bolting a million custom tools around email to force it to do something it was never meant to do is reinventing the wheel, yes.
> Projects develop workflows and common tooling like forges for practical reasons. But you, as an individual, shouldn't be tied to any one of them.
Yes, and very very few of them prefer arcane workflows such as patches over email. Some highly critical ones like the Linux kernel do, but the vast vast vast majority of products use well oiled machines like GitHub, GitLab, Gogs, Gitea, etc.
If that were the case we wouldn't have had this discussion today. Email workflow is abysmal and the limited innovations it has (patchwork comes to mind) is not enough to attract new developers.
What's worse is that the email workflow is very resistant to changes[0], and arguably, the people supporting the email workflow are too. It's hard for one to imagine there is a chance of innovation given the current predication. Even a complementary system like patchwork has remained relatively unadopted according to my non-scientfic observations (most people are likelier to link to the mail directly instead of the patch series on patchwork).
[0]: Building a more complicated system akin to the forges on top of emails will likely require modifications to the original email workflow, e.g. to add metadata. I don't know how well people will receive it, I'd imagine very badly.
The majority of people use emails like electronic mails because that's what email is designed for! Source code sharing is a separate protocol bolted onto email, and the fact that you have to use a specific email client (which I should mention, is largely unheard of outside of a small circle) is indeed an admittance of email being bad.
It's possible that you can fix a car with just a knife. But considering the difficulties and how unintuitive it is - is that not a sign of knife being somehow bad for the job?
Emails do have header, there is no problem storing metadata in those.
No, email is better suited for meaningful communication than most forums and code review web interfaces. And that is a direct consequence of the fact that it was designed to facilitate communication between humans. Github is simply missing a way to see easily and intuitively which message responded which other. I am thinking of something like the classic threading tree of an email client. That information makes it much easier to follow a discussion between more than two people.
That same tree is also great at showing what I have already read and what is new. How do you do that in GitHub? As far as I know there is no way to do that. I can even label certain messages just for me. In order to keep the overview. I can move emails between folders virtual or not to organize all the communication threads that I am participating in. Neither of which is possible with pull requests in GitHub or almost every other forge.
This is why I have serious doubts on the possibility to build forges (with accessibility and feature set on par with GitHub/GitLab) on top of emails. And please, don't use the minimalism excuse because those extra features of forges _are_ being used. Removing them for the sake of forge-on-email is a strict UX degradation and you only end up making both forge people and email people angry.
Another way to share those metadata through emails is to send an email that links to an external HTTP website which displays the latest updated data, as is done by some projects for CI. But at that point, it ceases to be an "email workflow" in my opinion -- if you are already hosting a HTTP server, you might as well host a git forge on it.
Or it is great idea to have a plugin for your mail program showing the build status of your ci plugin next to the email about the pull/merge request?