On 2020-06-17 13:45, Mayuresh wrote:
On Wed, Jun 17, 2020 at 01:36:33PM +0200, Johnny Billquist wrote:Anyone who thinks something else is simply deluding themselves.Obviously the hosts do whatever they do, and I agree it's no free lunch. But they [can] do what they do even if they don't host us as the code is open source anyway. So why not let them host anyway [may be as a mirror, like pkgsrc is, so that we aren't totally dependent.] PS: I am not arguing in favor of github or anything. Just curious what the big deal is for an open source project.
My point is that you don't want to expose yourself to the risk. It's not about them not being able to take the code and do what they want. But how would you deal with, if all the code repository is outsourced, and they suddenly decide to stop their service, or start charging for it, or add a requirement that you have to include some stuff of their in your code? If you've offloaded all that work and infrastructure, you are pretty much at the mercy of whatever they decide to do. Start paying, or adding adware or extra software is one thing, and ugly enough, but what if they decide to shut down? What do you do then? You're going to have to hunt around for the next service available, and use whatever they offer. Which means a lot of work, possibly need to change tools, and so on. Well, that might also sortof be a case even if you are staying with one provider. If they decide to deprecate whatever tool/interface you are using, you will have to switch at their mercy. It's not your decision, or under your control. Neither the choice of tool, nor the timeline.
And this also goes into potential review and change of code. You have to trust them that nothing is inserted, changed, or lost. And any tools for automation are also dependent on what the hosting service offer or allow.
There are all kind of risks. Arguments like "I don't think they would do that" are sortof gambles. How much are you willing to bet on it? NetBSD have been using one system for close to 30 years. How many of the current hosting services do you expect to offer something stable for a comparable time? Trying to recollect, I think SourceForce was what I was thinking of before, which did ugly things to projects, making a lot of them suddenly migrate away.
And honestly, any hosting service today is in the end commercial. If their business goes away, so will the service. And NetBSD might then just become a collateral victim.
I could go on about my objects, and the possible risks and issues, but I think if this rant isn't enough to start you thinking, I doubt any more text from me will change anything.
  Johnny
--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt%softjar.se@localhost             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol