We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors.

GitHub is becoming the main distributor of the OpenSSL releases.

  • Auzy@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    6 months ago

    I don’t know how GitLab would make anyone terribly unproductive. I see many FOSS projects or even entire (proprietary) software companies choosing GitLab for source code management. In fact, the company I work at (a government contractor) uses GitLab, as well as many other FOSS tools. And it’s definitely not a FOSS company, our main customers are the police and military.

    The switch process will be terribly unproductive. Also, even the process of discussing the change is a nightmare. Don’t forget all the backend stuff that needs to change too from all downstream. It’s not as easy as using the API and tools to copy the repo in this case… Everyone from Fedora to Zedora is affected on their side because the upstream address will change

    Sure, but their first choice for a data source is GitHub. For other platforms, they would need to develop and maintain an indexer/crawler (which you can block), which costs time and thus money. Just think about it, why would you upload my code to a platform, when you know that the owner of that platform actually hates FOSS and only wants to profit from it?

    Microsoft actually contributes a lot to open source… Why would they need an indexer / crawler? They already index everything using bing… Then they just need a git pull.

    What has Microsoft recently contributed to the FOSS community? I mean truly contributed. Why should a FOSS project use their proprietary products when other free (both as in price and as in freedom) alternatives exist?

    Because they work… Switching platforms offers no real benefits in any way, and Github is free for open source projects.

    Dumb argument. The code editor/IDE is a personal choice of each developer. The software forge isn’t. I really doubt that anyone at OpenSSL is using VSCode (a bloated JavaScript mess) for C development. But if you need to use it, there’s VSCodium which is completely open source and removes the Microsoft tracking.

    Yeah… Sure… Every developer I know these days except one uses VSCode. And we took him off the main team in our company because he was taking too long to do things (because we are all using copilot).

    What exactly do you think Microsoft is tracking? Do you think they’re peeking on developer webcams? Nope… https://code.visualstudio.com/docs/getstarted/telemetry . Crash reports are normal… Its all GDPR anyway. I don’t care if Microsoft knows what language I’m developing on

    So is GitLab

    Cool… I’ll just leave this here: https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/

    People should use what they want. It’s actually bad for the community when people who contribute nothing try to project manage projects they have nothing to do with. It’s their decision… If you don’t like it, fork OpenSSL to Gitlab and do your own thing… Trust me, you’ll notice that choosing Github vs Gitlab doesn’t affect project success.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      I don’t know why you are trying to paint the picture that everything except GitHub is extremely unstable and makes everyone unproductive. It’s definitely not the case, I can tell you that from years of experience in both corporate and FOSS software development. Haven’t heard from any project that migrated from GitLab/Codeberg/sourcehut to GitHub, it’s always the other way around. I often see abandoned GitHub repos with links to new repos on Codeberg or sourcehut. Because people don’t want to use Microsofts proprietary garbage. And somehow they don’t have any issues with suddenly being unproductive after switching away from GitHub.

      They already index everything using bing…

      Bing is such a piece of shut (just like most other Microsoft software) that I actually forgot it existed, because no normal person on this planet uses it

      Yeah… Sure… Every developer I know these days except one uses VSCode

      What programming language do you use? JavaScript?

      Microsoft actually contributes a lot to open source

      For example? Name a full FOSS microsoft program that can be used on it’s own. Most of the things I see on github.com/microsoft are just some obscure libraries or other developer tools that no one uses. Sure, VSCode. But the build you can download from Microsoft’s website isn’t even FOSS. They don’t offer downloads for Code - OSS. The new Windows terminal? Only usable on the otherwise completely proprietary, bloated, ad-infested, data-extracting Windows operating system. Terminals aren’t used by most people either, I think I could almost call this a developer tool. The Windows Calculator? Wow, what a great contribution to the FOSS world. And meanwhile they make billions from selling proprietary software. Microsoft never truly supported the FOSS community and likely never will.

      Cool… I’ll just leave this here: https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/

      No software is perfect. Just look at all of the critical vulnerabilities Windows has had, EternalBlue (CVE-2017-0144) is a perfect example.

      It’s their decision…

      Of course it’s their decision, but it’s my right to criticize it, because I think it’s a bad decision.