(1/2) It's very good to report #bugs in #FOSS projects. Services like #github, #gitlab, #codeberg and so forth makes it easy to do so without creating a new account for each report.

My recommendations:

- be polite - people are spending their spare time to help you

- explain it thorough: exact steps to reproduce, difference between actual result and expected result, mention exact version numbers, surrounding environments with their versions, background stories (maybe in an extra section at the end), ...

Fun fact: many(!) of my #bugreports get aborted during that phase because while explaining it properly, I did find out where my mistake was. Maybe improve the documentation afterwards.

...

#Gitlab just closed the issue about supporting #ActivityPub. Kai Armstrong says "our current focus isn't in this area".

This is very sad, I really think this could have been a pretty good match *espacially* for Gitlab. It could have been a puzzle piece in how to do federated open source coordination. You know, the problem with "not wanting to be on github, but kinda finding it convenient everyone has an account already".

https://gitlab.com/groups/gitlab-org/-/epics/11247#note_2597450590

#Gitlab just closed the issue about enabling federation using #ActiviyPub that has been open since 2019
https://gitlab.com/gitlab-org/gitlab/-/issues/30672#note_2597293301

Image diff is sweet.

It is pretty absurd, IMHO, that #GitLab doesn't have anything similar to https://github.com/notifications. Why is e-mail the only way to find out if there's anything new happening in any of my issues? What if I want to go back to an issue where something happened recently, why isn't those just listed somewhere so it's easy to find?

When it takes weeks or months to get any feedback on issues opened in #Gnome GitLab I always fear that I just miss some e-mails, and issues then might stall.

Anyone who has upgraded their self-hosted #Gitlab instance to 18.x might want to check their admin settings and potentially disable "Event tracking":
https://about.gitlab.com/blog/2025/03/26/more-granular-product-usage-insights-for-gitlab-self-managed-and-dedicated/

#followerpower needed:

Does someone have a #gitlab workflow that is able to open backport MRs for successfully merged MRs that have a specific label?

For example: My MR has a label "backport::release-0.1.0". That MR is merged to master.
Now the workflow creates a new MR, targeting the "release-0.1.0" branch with the changes from my original `git cherry-pick -x`ed, or if that fails it comments on my original MR with a message indicating that cherry-pick failed.

Please boost for maximum visibility!

All of a sudden, the #HardenedBSD #GitLab instance is being DDoS'd by your not-so-friendly AI scrapers.

I've been resisting the urge so far, but I might just need to deploy #Anubis.

I'm finally moving over to Radicle (https://radicle.xyz) instead of switching to another centralized code forge (like GitHub, GitLab, Codeberg, etc.). I definitely love the idea behind a #P2P code forge and I'm hopeful for Radicle's future, but I do have some reservations starting off:

1) Despite talking a lot about freedom and privacy in the tutorial, the group building Radicle (https://radworks.org/) is planning to sell hosting and make a profit via an Ethereum-based cryptocurrency (https://www.tally.xyz/gov/radworks) as well as NFTs and smart contracts. Some big Libertarian red flags there.

2) At some point there was a Swiss nonprofit "Radicle Foundation", but this now seems to be a for-profit venture (see https://radicle.xyz/history). I wish it could just be a nonprofit.

3) In the user guide chapter on private repos (https://radicle.xyz/guides/user), it says that I need to use a public DNS address trusted seed node to share the repo. I understand there's no DHT here, but I hope it's not too much of a pain to run this over my local network instead of the internet. (And yeah, I know I can use git locally, I just want to test Radicle locally.)

Overall, I think that if radworks turns out to be evil it will be a way easier transition to fork Radicle than it has been to leave GitHub, but I still wish I didn't have to worry.

I've started migrating my repos from Codeberg to Worktree.ca; I'll keep the Codeberg repos as mirrors.

Doing this because Worktree is Canadian, and I subscribe; I felt a little bad using a non-profit's infra even though all my stuff there is open source and my CI needs are pretty minor.

EU folks: Codeberg.org is great (Forgejo).

CA folks: Worktree.ca is great (Gitea).

It looks like AI developer assistants will always carry the risk that it is trying to pwn the developer who is using it. This is a great write-up of how one was trained to insert malicious links via the source code it was trained on.

https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/

Writing function signatures in YAML is a sign you've gone too far

PSA GitLab has some behaviour that breaks Maven pulling packages from it.
You can work around it by setting auth headers manually in settings.

Hopefully this saves someone some time.

I'll post the details in reply since it's long