GitHub is shitty, why not a decentralized solution?

[UnruffledST]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

Not decentralized in the way in which we are speaking. Sure with Git you can have a local copy and others who are working on it will work on their own local copy that is stored thus providing some form of decentralization. Still it is not fully decentralized in a way that it would be censorship resistant, IE theoretically say some government body got wind of you working on some code which they do not want you to work on and raided you and your co-workers you would have nothing protecting you once each local copy has been deleted, in this case there would not be many copies as you are only distributing it with you co-workers there is no trustless party who has copies of your code.

What we are looking at is a solution to prevent a malicious actor from being able to delete the copy locally from only say 5 computers and then your work being gone forever.

The way Git is set up is not meant to have your copy live forever no matter what, it is set up to only have your copy live as long as needed. Huge differences.

[1714952607]

1714952607

[1714952607]

1714952607

[1714952607]

1714952607

[100bitcoin]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

So, what I understand, as Git is already decentralized, we just need to increase hubs to decentralize Github. Right?

[UnruffledST]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

So, what I understand, as Git is already decentralized, we just need to increase hubs to decentralize Github. Right?

Git is distributed more so as it allows you to distribute the copy to other developers who each store their own copy and each works on their own copy still it is not decentralized. Each developer is pulling from the manager a central authority.

You can read more here.

https://git-scm.com/book/en/v1/Distributed-Git-Distributed-Workflows

Still the reason it is not decentralized is because the copy that developers are pulling from is not distributed in a trust-less manner. Instead of having to go through the manager only for the pull, one should be allowed to go through any trust-less party in who holds a valid copy while at the same time when a update is made all trust-less party holding a copy must update theirs to be current & valid also. You can as stated put them up in different repos but this still would not be full decentralization it would be more of a federated system as it is limited.

I just read this blog

https://medium.com/@alexberegszaszi/mango-git-completely-decentralised-7aef8bcbcfe6

and it shows that projects are actually working on making git fully decentralized.

Stating that there are projects such as Mango which runs on Ethereum, GitTorrent which runs on Bitcoin and Git-SSB.

Would be neat to keep tabs on such projects, maybe there isn't enough popularity because they do not have to do with Cryptocurrency instead solely the use of Blockchain for the better of the people. We as a community need to promote the use of these projects and stand together. It isn't all about money in this space.

[aliashraf]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

So, what I understand, as Git is already decentralized, we just need to increase hubs to decentralize Github. Right?

GitHub provides an application layer for git. Git alone is a distributed Version Control System, VCS. It is not able to provide either teamwork or public repository environment for open-source projects. What we need is a decentralized application service on git, yesterday.

[igordata]

there are two problems we need to solve:

1. github is not the repo only. It is an ecosystem for developing projects with bug tracking, issues, voting, comments, reviews, etc.
To create a decentralized clone of github you'll need to reproduce all that features.

2. to create a distributed decentralized repo hosting you need to create a storage with multiple times duplicated data. GitHub is free for opensource projects and paid features for private projects. How that can be reproduced in distributed ecosystem?

[UnruffledST]

there are two problems we need to solve:

1. github is not the repo only. It is an ecosystem for developing projects with bug tracking, issues, voting, comments, reviews, etc.
To create a decentralized clone of github you'll need to reproduce all that features.

2. to create a distributed decentralized repo hosting you need to create a storage with multiple times duplicated data. GitHub is free for opensource projects and paid features for private projects. How that can be reproduced in distributed ecosystem?

We have been discussing on works about your first statement.

On your second statement, a way to do so that would allow it to remain free is to identify the users. You would not be able to do so freely in current eco-systems. To allow it to remain free for the mass is to have a decentralized identity system in place, better than an email, this would be the only way to freely control spam. The good in such system could be that we are only storing text and in many cases this does not amount to much space, meaning that just to store a file on a users end would not technically be a problem. A way to further decrease space per user is to shard. Block rewards in a free eco-system in where money is still coming in through premium features would allow those storing to reap financial rewards. Still there could be a eco-system in where no money comes in just a blockchain without cryptocurrency in where you have to opt-in to store information from other users to be able to have others store information for you.

Really the biggest goal to allow it to remain free and this goes for every platform is to tackle decentralized identity.

Update

Now that I think about it a nice way to reduce spam without decentralized identity which would be possible to have been in use as of yesterday is to further develop the system in which I spoke of secondly, a you store for me I store for you type system. This would defeat spam in a sense if further looked into such as only allowing to decentrally store what you are decentralizing for others, so if I have 50gb in which I am storing files for others then I am allowed a cap of 50gb in which others can freely store for me in a decentralized manner, this would make everything neutral.

[igordata]

> On your second statement, a way to do so that would allow it to remain free is to identify the users.

It doesn't sound quite good
Anyway it is very easy to be identified but store enormous amounts of data in repo. It will require other users to reserve space to store other's files in ratio much bigger than 1:1 or even 1:2. This is obviously an attack vector here. If we do limit users in space available for free it just make an attack a bit more difficult to do but still to easy to trust that approach.
So anyway we come to the system where one needs to pay for the space. In such kind of situation most of the users will go back to GitHub or GitLab.
By thus we end up focusing on pro devs and pro teams like Bitcoin team. This is not bad, but that niche may be too marginal and not profitable for the system making it too small to resist attacks.

I'm not saying we do not have to try. Only that we has to think thoroughly.

[igordata]

> you store for me I store for you type system

I thought about that and as I think - that may work for small teams who share their own data.
I can even imaging the system with encryption and possibility to prevent excluded team member to continue reading the repo: a team owner just needs to publish new encryption and decryption keys personally for each member encrypted by this member's public key.

As a conclusion  - that may work for small teams

[UnruffledST]

> you store for me I store for you type system

I thought about that and as I think - that may work for small teams who share their own data.
I can even imaging the system with encryption and possibility to prevent excluded team member to continue reading the repo: a team owner just needs to publish new encryption and decryption keys personally for each member encrypted by this member's public key.

As a conclusion  - that may work for small teams

Double posted, should merge your post together.

Also with the you store for me I store for you it would be able to work at a large scale, it is not about specifically having only the person you stored the file for store it for you, it is gaining credit on the blockchain as a whole, you store 50gb of data for others you are allowed a credit of 50gb in which others can store for you, this data obviously can be sharded and encrypted. A lot could be done with this system everything would be neutral no spam attacks you are essentially paying for space with space. This method does not limit you to a small team.  


People aren't storing whole files for users, they are storing pieces of a file for users.

and yes it would have to be documented better but hey I do not have the time for it right now, have other documents I am working on.

[igordata]

Also with the you store for me I store for you it would be able to work at a large scale

I can't agree

you store 50gb of data for others you are allowed a credit of 50gb in which others can store for you

to make system fail proof you need to duplicate data and store some additional info too. That means you *must* allow to store more data than you store yourself in the network. Assuming we have only 50% nodes online 24/7 you need to store in about 1:2 ration to make it possible.

A lot could be done with this system everything would be neutral no spam attacks you are essentially paying for space with space. This method does not limit you to a small team. 

how can you check that i really have the data not just downloaded, saved hashes and deleted all the files?

[UnruffledST]

Also with the you store for me I store for you it would be able to work at a large scale

I can't agree

you store 50gb of data for others you are allowed a credit of 50gb in which others can store for you

to make system fail proof you need to duplicate data and store some additional info too. That means you *must* allow to store more data than you store yourself in the network. Assuming we have only 50% nodes online 24/7 you need to store in about 1:2 ration to make it possible.

A lot could be done with this system everything would be neutral no spam attacks you are essentially paying for space with space. This method does not limit you to a small team.  

how can you check that i really have the data not just downloaded, saved hashes and deleted all the files?

Well this is where documentation takes places, again I have documents in which I am working on and documentation is time consuming, if I where to provide all the answers than I am really creating the system for you.

There are ways to achieve what you are obtaining, it is all about being creative.

You would have to answer what system are we building on top of are there premium features? is crypto included? how often are these files being accessed?

This all ties back to checking if nodes really have the data stored, this is the easy part as calling and checking if the data is stored, the question is which way are you going to go about it? The most efficient is through the use of a committee.

If we take a look at other current decentralized storage system most only store while the user is paying, once they stop the file stops being hosted. You would have to assume the same for this system, once a node goes offline their files will also stop being hosted. Clearing up space across the system. So it is to the benefit of nodes staying online, you can put a system also in place in where when nodes host more than needed they are awarded energy/gas which allows them to go offline for a certain period of time while still allowing for their files to be hosted.

If it is a blockchain which utilizes its own crypto on top of it with premium features then we can also have a set of committee/delegates or just any node who has extra storage space they can be rewarded through the block reward this is taking note that if PoW is not used, a substantial amount of rewards are able to be distributed while at the same time distributing fees coming into the network from premiums.  

You have to take into account that it does not have to be 1:1 the whole time if some people are storing extra files they will have no problem with it at all if they are rewarded accordingly this can be with energy/gas and/or financially. It going off ratio does not mean that it is a attack. These numbers would have to be played with and the only way doing so would be actually getting a test net up and running

[Hysmagus]

There is an existing decentralized git platform* setup on ZeroNet, it's a little clunky but it's usable enough to be a censorship-resistant route to share code.
You can find a link to it on the ZeroNet site directory.

* edit to clarify a platform exists, not a clone of any specific codebase or any work done by specific parties.

[igordata]

This all ties back to checking if nodes really have the data stored, this is the easy part as calling and checking if the data is stored, the question is which way are you going to go about it? The most efficient is through the use of a committee.

I just thought maybe we do not need to store the data spreading it across the network. Maybe it will work better if you allow users to decide about what projects/repos they want to host. Like it is done in bittorrent protocol.

So if I want to protect some project from censorship I could host exactly this project's repo only.

[UnruffledST]

This all ties back to checking if nodes really have the data stored, this is the easy part as calling and checking if the data is stored, the question is which way are you going to go about it? The most efficient is through the use of a committee.

I just thought maybe we do not need to store the data spreading it across the network. Maybe it will work better if you allow users to decide about what projects/repos they want to host. Like it is done in bittorrent protocol.

So if I want to protect some project from censorship I could host exactly this project's repo only.

Could be also, still this could all be incorporated together, if you have a system such as mentioned above there is nothing also preventing someone from hosting their preferred projects also.

To gain the most out of decentralization it would be best to put all 3 together. just doing one such as this would not provide a guarantee as only those who are popular would really be decentralized.

[aliashraf]

This all ties back to checking if nodes really have the data stored, this is the easy part as calling and checking if the data is stored, the question is which way are you going to go about it? The most efficient is through the use of a committee.

I just thought maybe we do not need to store the data spreading it across the network. Maybe it will work better if you allow users to decide about what projects/repos they want to host. Like it is done in bittorrent protocol.

So if I want to protect some project from censorship I could host exactly this project's repo only.

Very good point. It encourages me to think more about an incentive mechanism.

[AGD]

This all ties back to checking if nodes really have the data stored, this is the easy part as calling and checking if the data is stored, the question is which way are you going to go about it? The most efficient is through the use of a committee.

I just thought maybe we do not need to store the data spreading it across the network. Maybe it will work better if you allow users to decide about what projects/repos they want to host. Like it is done in bittorrent protocol.

So if I want to protect some project from censorship I could host exactly this project's repo only.

Very good point. It encourages me to think more about an incentive mechanism.

Incentive could be created with a reward for providing disk space and bandwith. Btw I don't like the approach where people can decide what to host. This would probably end in another kind of censorship and centralizing.
If data is encrypted and fragmented, disk space/bandwith providers would not know, which data they are actually hosting/sharing.

[igordata]

We don't need thousands and thousands of Bitcoin code repos across the world. It is good if so (and it is forked 24k times), but to fight the censorship it is enough to have more repos than the censor controls or may shutdown. I mean imagine we have a China censored app code hosted in lets say 5-7 different countries like USA, France, Russia, India, Brasil and Algeria. It will now be possible to shut one or two repos in one day, but it will result in attracting more attention to the app and thus people create more repos. Even small modern projects have hundreds of forks - cloned repos. It will be impossible to kill such a project by censoring it in a single country.

When people do not control what they host it is good in an ideal world - every project is distributed across the galaxy and nobody knows where exactly it is hosted and by whom. But that creates an opportunity to attack this distributed system with spam. And that is where I see a flaw and why I propose to give users the control of what they host. That is the reason. If we can somehow manage to get rid of it - that would be perfect.

[igordata]

Guys? Do we still need a distributed decentralized git repository?

[Rizzrack]

A year later and GitLab now comply with U.S. regulation. It's even worse since there's no way to download your code (while GitHub still allow you to download code if you make the repository public).
https://ahmadhaghighi.com/blog/2020/gitlab/

That sucks on so many levels. Had so many mixed feelings after reading: anger, disappointment, sorrow etc.
Intellectual property should be respected regardless which country you were born in.

I guess as long as you live in a country where the president is in good relations with the US counter part, at least in theory, you're good for the moment.
Has anyone tried one of these decentralized GitHub alternatives ? I personally have not.
Tried to find a living example and found Radicle.
They have the code on github (haha) https://github.com/radicle-dev and seems they are active. Since I saw them last night some new commits were pushed. Not sure how mature it is as it seems the project is 9-10 months old.
Most of what I found besides this was abandoned. Not maintained for 2-3-5-7 years.

Do you know of any alternatives out there and if you do... how easy is the shift to one of those in regards to work flow, GUI etc ?

[PrimeNumber7]

A year later and GitLab now comply with U.S. regulation. It's even worse since there's no way to download your code (while GitHub still allow you to download code if you make the repository public).

https://ahmadhaghighi.com/blog/2020/gitlab/

Both GitLab and GitHub allow you to download your code. Most commonly, repositories will be managed with git, with a copy of a repository being on your computer at all times.

I personally have some repositories on GitHub that is private, and routinely download code in my repos (I update code with multiple computers).