#gitlab Security fix 17.10.1, 17.9.3, 17.8.6
Cross-site Scripting (XSS) through merge-request error messages
Cross-site Scripting (XSS) through improper rendering of certain file types
Admin Privileges Persists After Role is Revoked
External user can access internal projects
and so on ...
https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/
Anyone else having issues with #PyCharm randomly "forgetting" / bricking #logins on #UbuntuLTS Desktop?
The only workaround is to literally delete the configs and manually reenter the credentials, only for those to get fucked up with an update or at random.
Do I have any #golang developers in my followers that are located in Canada and looking for contracts ?
No need to be a senior. Looking to give a chance to local talent.
Must have an #OpenSource philosophy, know #Linux well, #Git, #Gitlab
Reply or DM me.
I hate programming in YAML
I hate arcane scripting structures
I hate side effects
I hate overcomplicated CI/CD pipelines
That is all.
Written by @benjamin
Here is a quick preview of the website we are working on, plus a bit about how we work.
One of the first things we had to figure out was how we collaborate on the project. We are all supporters of #OpenSource and #SelfHosting, but we would rather not depend on individuals and their home servers. Partly for that reason we have created a project on #gitlab that uses GitLab's CI to build the website with a static site generator and deploy it to GitLab Pages. (For those interested, we started from https://www.getzola.org/documentation/deployment/gitlab-pages/#setting-up-the-gitlab-runner). Having everything in git gives good opportunities for collaboration as well as a clear change history.
We have green pipelines, so now we are typing away to deliver some text + cool logos so we can define the concept Folkeføderation as clearly as possible. Let us know if you want to join, and you will be invited into the gitlab club.
@andyjennings TYMBI
https://social.mcwhirter.io/@craige/114135826723289231
craige@mcwhirter.io - Hey peeps, if you're still using #GitLab and #GitHub and you're twitching a bit because they're fellating fascists, I want to point to the sign that says you can self-host @forgejo - a project which is also working on decentralisation and federation.
Failing that, @Codeberg also exists, are a European non-profit that also supports the development of Forgejo.
Hope that helps
Yo, I just heard about the Gitlab news (see here to find out: https://mastodon.design/@markwyner@mas.to/114136899003664890 ) I'm already preparing my Codeberg migration... I think this won't be my last migration before the end of the year but I can tell you that it's tiring me to change the web services I use every two weeks or so, I have other things to do with my life #rant #tech #fatigue #mentalFatigue #fascismEverywhere #gitlab
According to #GitLab I have no projects. I am guessing this is a snafu.
@markwyner Maybe, what he *actually* wants to say is that people can do more with less #GitLab?
What a shame. But no surprise that a company with a revenue of US$424.3 million (wikipedia says that) slowly goes the way of the #GitHub…
GitLab CFO, Brian Robins, says they are “aligned with the goals of DOGE, because the company’s software tools aim to help people do more with less. What the Department of Government Efficiency is trying to do is what GitLab does.”
You either support fascism or you don’t. It’s binary. There’s no gray area or “aligning.”
Considering GitLab? Don’t. Use @Codeberg.
(Hat tip @aphyr)
If you’re currently using #gitlab this is your time to leave for literally any other service as they have chosen to align with the current US regime.
Via https://www.washingtonpost.com/business/2025/03/09/doge-companies-warnings-sec-filings/
Well at least #GitLab lets you delete your account with no fuss. Good CI though, shame.
@forteller holy smeg the #freedesktop #gitlab server is slow as snails crawling through molasses. Hoo-boy!
If you run a #Drone CI server, set DRONE_REGISTRATION_CLOSED=true
(and manually create users only when you really really trust someone).
The CPU on my CI/CD server suddenly spiked to 100% today.
A closer look found some users who had registered on git.platypush.tech and on the CI/CD server and created a repo with a .drone.yml, a .gitlab-ci.yml and some scripts with base64-encoded commands.
The repo also contains a deepCC.ipynb Jupyter notebook that downloads some training data from S3 and uses Tensorflow to train a model, and then uses the deepCC binary to do something with that model.
The repository also has a configure script with base64-encoded commands that seem to configure a miner (the wallet ID is R9WpFbvkb6dep6bfLdbpcyz3LpMeikUL6W and the coin is VRSC, if anyone is interested in investigating further).
The deepCC binary is itself quite big (~50 MB), and a look at the setup script reveals that it's actually a .tar.gz archive with a larger binary inside.
A quick run of strings on the binary confirms that it's actually a miner - it connects to eu1-etc.ethermine.org and it also has a bunch of CUDA bindings to run on GPUs.
I still don’t get what’s the point of the Jupyter notebook that trains a model and passes it to this miner, but if you feared the day of the arrival of the zombie Docker containers that exhaust system resources by mining cryptocrap AND training AI models, well, I’m afraid to inform you that that day has come.
If you are a #Gitea / #Forgejo admin, take a look at the users and repos created in the past couple of weeks. Check in particular if any recently registered users have created a repo named deepcc-v.
The most likely authors are users named farzanfarid16 and zurizoey0.
A quick search confirms that both these users are registered on #Gitea too and have already created the incriminated repo:
And if you are a Drone CI or #Gitlab admin, check if any of these users have also started CI/CD pipelines connected to that repo.
For now, disabling the execution of CI/CD pipelines unless a user has been explicitly authorized is the best idea that comes to my mind.
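A defender-side check for the pattern the post above describes (CI config files whose steps hide their real commands behind base64, unpack an archive and run it during the build, or pipe downloads into a shell), added here as an example. This is not the post author's code and not part of Drone, Gitea or Forgejo; the .drone.yml it scans is a constructed sample, the flagged patterns are this example's own heuristics, and the file names it looks for are the usual Drone, GitLab and GitHub Actions locations.

```python
"""Scan CI pipeline configs for hidden or suspicious build steps.

Added example for reviewing repos created by recently registered users on a
self-hosted forge. Heuristics are deliberately simple: they surface steps a
human should read, they do not decide on their own that a repo is malicious.
"""
import base64
import binascii
import os
import re
from typing import List, Optional

# Constructed sample (not from the incident): a pipeline step that hides its
# real command behind base64, plus an archive that is unpacked and executed.
_HIDDEN = base64.b64encode(b"echo placeholder-hidden-setup-step").decode()
SAMPLE_DRONE_YML = f"""kind: pipeline
name: default
steps:
  - name: build
    image: python:3.11
    commands:
      - pip install -r requirements.txt
      - echo {_HIDDEN} | base64 -d | sh
      - tar xzf deepCC && ./setup
"""

# CI config file names this example scans (assumed common locations).
CI_CONFIG_NAMES = {".drone.yml", ".drone.yaml", ".gitlab-ci.yml", ".gitlab-ci.yaml"}

# A base64 run long enough to be a command rather than a short literal.
_B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")

# Step patterns a reviewer wants to see, each with the reason it is reported.
_SUSPICIOUS = [
    (r"base64\s+(-d|--decode)\b", "base64 decode in command"),
    (r"\|\s*(sh|bash)\b", "output piped into a shell"),
    (r"\btar\s+x", "archive extracted during build"),
    (r"\b(curl|wget)\b.*\|\s*(sh|bash)\b", "download piped into a shell"),
]


def _try_decode(token: str) -> Optional[str]:
    """Return the decoded text if token is valid base64 for printable text, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if all(ch.isprintable() or ch in "\n\t" for ch in text):
        return text
    return None


def scan_ci_config(text: str, path: str = "<inline>") -> List[dict]:
    """Return one finding per suspicious line pattern or decodable base64 token."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, reason in _SUSPICIOUS:
            if re.search(pattern, line):
                findings.append({"path": path, "line": lineno, "reason": reason,
                                 "text": line.strip()})
        for token in _B64_TOKEN.findall(line):
            decoded = _try_decode(token)
            if decoded is not None:
                findings.append({"path": path, "line": lineno,
                                 "reason": "base64-encoded text",
                                 "decoded": decoded, "text": line.strip()})
    return findings


def scan_repo(root: str) -> List[dict]:
    """Walk a checked-out repository and scan every CI config it contains."""
    findings: List[dict] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            in_workflows = os.path.basename(dirpath) == "workflows"
            if name in CI_CONFIG_NAMES or (in_workflows and name.endswith((".yml", ".yaml"))):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_ci_config(fh.read(), path))
    return findings


if __name__ == "__main__":
    # Demo on the constructed sample; for a real review call scan_repo(<checkout>).
    for f in scan_ci_config(SAMPLE_DRONE_YML, ".drone.yml"):
        print(f"{f['path']}:{f['line']}: {f['reason']}: {f.get('decoded', f['text'])}")
```

Run scan_repo over a fresh checkout of each repo created in the window you are reviewing and read the decoded strings yourself; a legitimate pipeline rarely needs to hide its commands. This complements, rather than replaces, closing registration and approving pipeline execution per user as the post recommends.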
I recently had a discussion with a coworker about commit messages. And I wonder what guidelines developers prefer.
Past tense example (Django):
https://docs.djangoproject.com/en/5.1/internals/contributing/committing-code/#committing-guidelines
Imperative example:
https://github.com/RomuloOliveira/commit-messages-guide/blob/master/README.md#good-practices
Conventional/Semantic:
https://www.conventionalcommits.org/en/v1.0.0/
and
https://gist.github.com/joshbuchea/6f47e86d2510bce28f8e7f42ae84c716
Maybe other styles?
Achievement unlocked: loaded a GNOME #GitLab link that was pasted in a chatroom and triggered @cadey's "Anubis" anti-LLM-scraper protection catgirl with my genuine Firefox browser, and had to watch my CPU burn for a minute
I regret to inform you that we have now entered the DEFCON 1 stage of the struggle against the LLMs "AI" #enshittification bubble
What I don't quite understand is why the GitLab instance would put up this challenge to already logged-in users
And after going through the replies and comments, let me give you an alternative opening statement:
#codeberg or your own #forgejo instance are #GoodEnough to be used instead of #Github and #Gitlab for 95% of your new FOSS projects, IMHO.
(refocused on new projects) 6/6