What’s the big advantage of a git (or any) server self-hosted by Whonix compared to any git branch in any git repository anywhere or git patch format? And is the extra effort really justified for the maintenance required for that webapp? Maintenance required: initial setup, keeping it updated, backups and restoration testing, archival, troubleshooting if something breaks…
From my experience with other webapps…
wordpress blog (updating was messy, kept breaking),
discourse forums (hard to resolve update issues, database issues),
mediawiki (update issues, database issues),
phabrictor (deprecated even though one would thing that’s unlikely given it was in use by at least two major users such as wikipedia and facebook)
…that’s hours and hours of work that are spend on a perfect webserver rather than on software development.
More generally… Not just about git… Any webapp or server setup… The issue is that the demands from a small vocal minority of highly technical users lead a lot of project resources being redirected that aren’t really beneficial for the core of Whonix which is the actual downloadable software or source code. Such as:
all software on the server must only be using Freedom Software
ideally the server would be self-hosted in a developer’s private home (not hosted at a server provider)
JavaScript free webapp or at least basic non-JavaScript support
the webapp must not have anti-features such as cookies, tracking
no loading of third-party content (such as fonts, CSS, scripts, let alone analytics)
no use of a CDN
the webapp must have perfect security
the webapp must be under constant development and be constantly updated by upstream and downstream
wordpress blog (updating was messy, kept breaking),
discourse forums (hard to resolve update issues, database issues),
mediawiki (update issues, database issues),
phabrictor (deprecated even though one would thing that’s unlikely given it was in use by at least two major users such as wikipedia and facebook)
…that’s hours and hours of work that are spend on a perfect webserver rather than on software development.
More generally… Not just about git… Any webapp or server setup… The issue is that the demands from a small vocal minority of highly technical users lead a lot of project resources being redirected that aren’t really beneficial for the core of Whonix which is the actual downloadable software or source code. Such as:
all software on the server must only be using Freedom Software
ideally the server would be self-hosted in a developer’s private home (not hosted at a server provider)
JavaScript free webapp or at least basic non-JavaScript support
the webapp must not have anti-features such as cookies, tracking
no loading of third-party content (such as fonts, CSS, scripts, let alone analytics)
no use of a CDN
the webapp must have perfect security
the webapp must be under constant development and be constantly updated by upstream and downstream
Sad to see TPO doing that, but I see that discourse must be much more
difficult to self-host than a git server, or so I expect.
It is difficult for me to argue again on my point because I don’t want
to damage development by spending more time during maintenance of hosted
servers than development.
If the burden of maintenance is worth the organization of issues, then
maybe?
The discourse instance I hosted for 3 years and cost me about 50-100 hours of time.
These are wish lists, not requirements. It doesnt have to be all or nothing
Again, i could go either way. I want to make the project better and dont care about my ego. Of course i think creating a webserver ( not whonix owned) on gitfoss.org is a good idea, i bought the domain. But my ego is less important than whonix continuing to succeed for many more years
For what its worth @Patrick, while the phabircator deprecation is certainly annoying, it is not a 100% lost effort. There is an existing script to migrate issues in from phabricator to gitea, if we choose to go that path
If using third-party hosting such as github and github gets hacked, then it’s just a third party that got hacked and the reputation of the project that was using github remains stainless.
Even security experts don’t claim that they can absolutely secure a webserver / webapps form ever getting hacked. Usually the more of a security expert they are, the more modest they are, the more careful they are to avoid making bold claims of something being secure.
If that would even be enough money to avoid full database losses every other year.
