On 12/20/18 10:25 AM, YUE Daian wrote:

Did anyone ever consider using GitLab?
Its community edition is quite enough I think.


Yes, but there's a small problem: we would need to run our own instance of GitLab to prevent some of the same problems that exist with GitHub (like losing all of our data if they go out of business).

The "run your own" version of GitLab is a bit of a nightmare, being built with Ruby on Rails. It has a million dependencies, many of which are hard to package because rubygems/bundler are awful and encourage worst practices. GitLab upstream expects you to run a version that bundles everything it uses.

What's the security strategy for something with a million bundled libraries? There is none, which makes following their advice pretty irresponsible, too.

For all its flaws, Bugzilla is pretty stable software that uses stable libraries in an ecosystem inhabited by adults. Our infra team are all volunteers, too -- so we need an alternative that isn't way more work for them to run.
