kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
TC01 has quit [Ping timeout: 260 seconds]
TC01 has joined #sandstorm
_whitelogger has joined #sandstorm
_whitelogger has joined #sandstorm
robbt has quit [Quit: Connection closed for inactivity]
_whitelogger has joined #sandstorm
<CaptainCalliope> <dckc "Lyre Calliope, I know some folks"> Hold off until we've had a few more conversations. I'd like to at least be able to communicate how we intend to move forward in making decisions in allocating resources before starting to pitch orgs. Also, one pattern I've seen with open collectives is creating contributor tiers specifically for organizations which is one way we might consider structuring these
<CaptainCalliope> relationships.
<CaptainCalliope> I spoke with ocdtrekkie earlier today about some governance things and I'm writing out some proposals I'll share in the next day or two.
<isd> kentonv: I'm perusing the source and noticed there's some logic for launching the supervisor directly as a command. Is that actually used for anything? It looks like a historical artifact.
<isd> Ah, found the use in backend.c++, nvm.
_whitelogger has joined #sandstorm
<isd> 3/quit
dckc has quit [Ping timeout: 268 seconds]
frigginglorious has joined #sandstorm
dustyweb has joined #sandstorm
<dustyweb> hello hello
ocdtr_web has joined #sandstorm
<ocdtr_web> dustyweb: Hey!
<isd> Ahoy!
<isd> ...so I just got an email from npm letting me know they got bought by GitHub.
<ocdtr_web> That seems very no-brainer-y to me too WRT GitHub Packages.
<ocdtr_web> I think a package repository built directly on GitHub has a lot of opportunities to demonstrate safety and authenticity.
<ocdtr_web> Presumably GitHub Packages can provide the capability to verify/ensure that a package is built from the source contained in the repo.
<isd> It mostly makes me nervous about the increasingly centralized infrastructure used for FOSS development.
<ocdtr_web> There's definitely an irony to it. Given that the company in question is Microsoft.
<ocdtr_web> :P
<isd> Frankly, there's no good reason to have a centralized package index anyway. Go does this right: just have the package tools support URLs.
<ocdtr_web> Package repositories like NPM have already been a very uncomfortable level of centralization to me.
frigginglorious1 has joined #sandstorm
<ocdtr_web> And in NPM's case specifically, the source of a lot of problems from a security standpoint.
frigginglorious has quit [Ping timeout: 246 seconds]
frigginglorious1 is now known as frigginglorious
<isd> ...but I think only because of its popularity. Architecturally it's not different from most package managers.
<isd> (Go again being an exception: the build tool doesn't just run arbitrary code for you).
<CaptainCalliope> Ugh. GitHub has always made me uncomfortable. More and more so.
<isd> Thought experiment: what would be needed for sandstorm to self-host the community infrastructure that is currently on GitHub?
<isd> Also: what are other possible GitHub alternatives, and what would the pros/cons of switching be?
<isd> I'm not necessarily pushing for us switching away, esp. on any particular timeline. But maybe it's worth actually thinking about the implications.
frigginglorious has quit [Read error: Connection reset by peer]
frigginglorious has joined #sandstorm
<ocdtr_web> We'd probably want to update the GitLab package so it had all of the modern trimmings, things like CI and stuff are part of GitLab, so we would have to rework our Actions and the like.
<ocdtr_web> We'd also need the standalone domain type functionality at least so we could have something like git.sandstorm.io.
<ocdtr_web> The largest issue I see is losing a lot of drive-by contributors and issue submissions. The community effects would be very unfortunate to lose.
<ocdtr_web> I am much less likely to bother trying to submit a PR or report an issue if it's not GitHub.
<ocdtr_web> Drew DeVault's sr.ht is fully open source and very affordable (currently it's pay-as-you-want, actually) and includes mailing lists. I was intrigued by just the ability of getting off Google Groups potentially there.
<isd> GitLab CI requires a separate service set up and we (1) won't be able to do that in Sandstorm because it needs to launch VMs and containers and such, and generally needs access to stuff we block, and (2) We need root in CI anyway to actually set up sandstorm, and gitlab's CI currently will only run (unprivileged) docker containers afaik.
<isd> The drive-by contributions is my biggest concern as well.
<isd> But it's also my biggest concern with GitHub -- the fact that that attitude is common is what worries me, and I feel like if a community project focused specifically on user autonomy and decentralization is not going to challenge that norm, we're in deep trouble.
<ocdtr_web> It's possible if the experience is smooth enough at an easy-to-access subdomain, with GitHub login enabled, as Sandstorm generally does, people may find it still easy enough to.
<ocdtr_web> I would say the point where we can meaningfully push "we should self-host this" over "GitHub brings nice perks" is when self-hosting it provides more perks than GitHub. Which for Sandstorm, generally means the benefits of Powerbox integrations and the like.
<ocdtr_web> A lot of entities aren't going to embrace decentralization until it is more beneficial to them than centralization. Either because the central entity is now doing bad things or because they glean actual value from the control and separation.
<ocdtr_web> My biggest concern with centralization is privacy-oriented, personally, but that isn't really something that holds up for hosting Apache-licensed code: It's public anyways.
<isd> I agree it doesn't make sense to switch until the software actually meets our needs.
<ocdtr_web> Re: GitLab CI on Sandstorm, could we still host GitLab on Sandstorm and use the Powerbox to grant it ability to talk to a separately hosted CI setup then?
<isd> We could probably integrate a separate GitLab CI setup, yes.
<xet7> I'm worried about GitHub because of this https://news.ycombinator.com/item?id=22593595
<xet7> recent example
<xet7> Some have asked about integrating Wekan with Gogs/Gitea/GitLab . There is also https://github.com/wekan/wekan-gogs integration that is not directly in Wekan packages yet.
<xet7> At Gitea issues they are discussing could they self-host Gitea
<xet7> Yes.
<xet7> What do you think about fossil-scm ?
<ocdtr_web> I know nothing about it.
<isd> fossil is really neat, and I feel like would make a great sandstorm app.
<ocdtr_web> It may be worthwhile at least, at some point, particularly if we have standalone domain capability, to mirror Sandstorm repos between GitHub and git.sandstorm.io or something like that.
<xet7> https://www.fossil-scm.org Single binary, saves data to sqlite database
<xet7> Takes much less disk space than git files
<ocdtr_web> Perks of using a decentralized version control solution is we could provide a GitHub-free interface people could participate in, and also have access to the GitHub community.
<xet7> big files are compressed
<isd> ...but for sandstorm's purposes, "scm that's not Git" worries me more than "not GitHub"
<isd> I think mirroring/syncing to GitHub would be a good thing.
<ocdtr_web> Fossil probably would package fantastically on Sandstorm, SQLite-based things tend to be happy Sandstorm packages.
<xet7> Git repos can be imported to Fossil
<isd> I think the main annoying thing is that it has its own user/auth system. Haven't dug in enough to know how easy that would be to fix.
<isd> xet7: yeah, migrating isn't so much the concern as I think it would be a bigger barrier to contributors, just because it's not the thing everybody uses.
<xet7> Yes.
<xet7> Fossil is very bandwidth efficient, so it would be an improvement
<isd> I'm not really concerned about git's performance.
<isd> ...maybe I'll fuss with porting it.
<isd> re: the hacker news article: npm already has some weird words on their list of "can't put this in a username."
<isd> I couldn't register my usual handle (zenhack)... apparently, on a site used by programmers, hack is a no-no?
<isd> Like, I expect this from a bank or something...
<xet7> wow
ocdtr_web has quit [Remote host closed the connection]