GitHub alternatives for projects with compliance requirements

Jeremy Stanley fungi at yuggoth.org
Wed Jul 13 22:20:01 UTC 2022


On 2022-07-13 17:23:58 -0400 (-0400), Adrian Edwards wrote:
> Given the GiveUpGitHub campaign page asks the most comfortably-situated
> large projects to give up GitHub first, I was wondering if there were any
> FOSS options out there to provide some competition for GitLab for
> enterprises with compliance requirements that they have to meet, such as
> SOC2, ISO 27001, ISO 13485/QMS, etc. I have heard about these kinds of
> standards in recent StackOverflow podcasts and am curious if there are
> options for companies that want to support free and open software but don't
> have the ability to choose freedom and openness at the expense of regulatory
> compliance.
> 
> Is it just a choice between GitHub and GitLab at this stage or are there
> other options?

This might be a knee-jerk reaction on my part, but I would never
expect an open source developer community to foot the bill for
regulatory compliance needs. These are, in my experience, always
requirements their USERS need to meet, and those users are typically
well-funded enough that they can choose to either help the project
host the necessary infrastructure and provide sufficient labor to do
that, or handle their own compliance needs downstream, or buy some
proprietary solution instead because they're scared into thinking
that's safer than relying on community-maintained software.
-- 
Jeremy Stanley


More information about the Give-Up-GitHub mailing list