Open Source projects and Git self hosting

A mailing list I’m on has been discussing where Open Source projects should host Git repositories. I wrote up these rough thoughts and have been asked to post them for others:

Been thinking about this, and I realised Open Source projects have to be very careful self-hosting.

The whole model of Open Source on Git for welcoming contributors is fork-and-pull-request. As in, Random Person A forks your project, makes changes, makes a pull request, you check, accept and merge – great. But that also means you have to allow Random Person B to fork, change and request, and you then have to realise that B’s code changes are totally wrong (or worse, B themselves is an idiot) and politely refuse.

But this means if you self-host your Git repository for an Open Source project, you ideally have to allow Random Person A and B (who may be an abusive moron) to make accounts and start putting whatever code they want up there. You basically have to become a code host and start watching your hosting very carefully, otherwise before you know it someone is abusing your servers or has uploaded objectionable material. That’s not a welcoming prospect at all for an already overworked Open Source project.

The alternative is not to allow others to make new repos on your own Git hosting, but then suddenly you’ve made it harder for new contributors to contribute. You also lose visibility: if a random person forks your code, most places like GitHub will track that with pretty graphs, but if they clone your project and push that elsewhere, you don’t see that. This matters because even if someone forks your project and changes it for their own personal use, it’s still interesting to see what they have done.

I don’t know where Open Source should host Git projects; comments and more blog posts welcome.