After the #XZ attack, I have a suggestion for all #software forges (#Forgejo, #GitHub, #Gitea, #Sourceforge, etc.):
Have some way to visualize binary files better, including diffs to such files. Cuz now, we have basically nothing except byte counters.
Since they're binary files, it must be as generic as possible. But even some rendering or analysis is better than nothing.
The idea is to expose weird patterns in binary files that could be a sign of an attack.
@mjgardner @Perl @ChristosArgyrop @ovid Certainly it’s an embarrassment considering #Sourceforge has recently joined the exclusive walled-garden of #Cloudflare. I cannot reach any sourceforge.net/* pages. But I can reach perltidy.sourceforge.net because it’s CF with Tor whitelisted. However, I’ll still avoid it on principle. I don’t think I’ve filed bug reports there but certainly I will not in the future.
You might even consider making a reasonable case to move the project’s remaining assets off #SourceForge. Impotently whinging about it here doesn’t change anything.
Obtainium
Get Android App Updates Directly From the Source.
Obtainium allows you to install and update Open-Source Apps directly from their releases pages, and receive notifications when new releases are made available.
@AAMfP @loke @fsfe @Codeberg
Codeberg is a fine GitHub replacement but it could be so much more. I still use #SourceForge for my bigger projects as it provides:
email lists
web hosting with rsync & ssh access
multiple VCS options
Git is great, but monoculture is not. I'd really like to see choices on the front end as well (e.g. cgit for browsing repositories).
The best time to leave #Github was before it was acquired by #Microsoft. The second-best time is now. Sooner or later, you will be forced out of Github like we oldies were forced out of #Sourceforge. Better to leave while you are free to do it on your own terms…