Eating our own dog food

Mads Kiilerich mads at kiilerich.com
Mon Jul 24 22:20:22 UTC 2017 

On 07/18/2017 08:35 AM, Dominik Ruf wrote:
> Mads Kiilerich <mads at kiilerich.com <mailto:mads at kiilerich.com>> 
> schrieb am Di., 18. Juli 2017 um 01:10 Uhr:
>
>     Hosting of code from open source contributors requires some continous
>     amount of work and resources. Both for establishing trust and for
>     cleaning up when rogue players abuse the system anyway. 
>
> How is that different onbitbucket.org <http://bitbucket.org/>?
> What kind of abuse do you suspect?

Bitbucket do (for the same reason) have a legal department, constant 
monitoring, and people and process for dealing with DMCA takedown 
notices and similar.
If we open loopholes where anybody can make anything available for 
download, it will be abused for hosting illegal content.

>     But it can be
>     done, assuming we want to do it and establish a realistic process and
>     tooling.
>
>     Also, Kallithea is mainly used internally inside organisations. It has
>     not been optimized for hosting open source projects with "random"
>     contributors. I think some of the short-comings are quite obvious 
>
> Not to me.

Before I would host a fully public site with self-registration and 
untrusted users, I would want more isolation between users, quotas, and 
for example a concept of a user home. One current show-stopper-ish 
feature is the need for subscribing to be CCed on all PRs and comments 
for a repo.

>     - we
>     don't need dogfooding to find these. 
>
> It is not only about finding issues. It also send a message to 
> potential users.
> Would you eat at McDonalds, if their employees eat at Burger King?

I would have even more dislike for McDonalds if their employees *only* 
ate McDonalds food. McDonalds might be good for some purposes, but it is 
not a solution to all problems and not a full diet.

Kallithea has mainly been developed and seen improvements for use inside 
organizations. It is not so much built for hosting open source projects. 
That would have other requirements that probably are less relevant to 
the main use case. We *could* use it for Kallithea, but I don't have a 
problem with admitting that this is not a use case we have aimed for so far.

It would be nice to use non-proprietary software, but I don't have a big 
problem with Bitbucket as long as the repos are in a standard format 
that can be used anywhere ... and are mirrored on our own infrastructure 
with free software.

But if Andrew configure account for you (and other trusted 
contributors), then it is perfectly fine to use our own Kallithea for PRs.

/Mads
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20170725/8da74856/attachment.html>

More information about the kallithea-general mailing list