Re: [privoxy-devel] Move from Sourceforge

[Fabian K. <fk...@fa...>]

Ian Silvester <ian...@fa...> wrote:

> I have today learnt that Sourceforge is blocked by uBlock's default 
> ruleset, ostensibly because of the unpleasant badware they push 
> aggressively when one downloads any genuine files.
> 
> I was in discussion with the author of a fairly good security guide for 
> OS X who currently promotes the Homebrew installer for Privoxy. This is 
> inferior to ours for a number of reasons, not least that Privoxy is 
> executed using the interative user account that was used when installing 
> it. He is however unwilling to alter his guide to promote the 'official' 
> binary package due to the problem detailed in the first paragraph.

Given that the OS X packages come with OpenPGP signatures
(a security guide could mention) that seems to be a strange
position to me.

Anyway, it if helps, we could also make the OS X binaries available
from the hidden service page (http://jvauzb4sb3bwlsnc.onion/) which is
outside SourceForge's control and provides end-to-end encryption (on top
of the signature files).

> I think the time has come for us to move, no? Fabian I know you've 
> already put some thought into this - do you have a preferred project 
> host, going forward?

As far as I'm concerned, moving away from SF is long overdue.

Unfortunately my impression is that self-hosting is currently the only
long-term option as all the project hosting services I'm aware of seem
to fail to satisfy most of the requirements from:
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup#l413

After talking to various self-hosting developers, I believe the
requirements could be mostly met by using Bugzilla for bug reports,
Mailman for mailing lists, Gitolite and Gitweb for version control stuff
and nginx (or Privoxy itself) as webserver.

If there are better options, I'd be interested to hear about them.

If nobody objects, I can try to get things moving by looking for a hoster
that is willing to sponsor (at least) one server in exchange for being
mentioned on the website and a contract with SPI Inc. or Zwiebelfreunde e.V.
to get the tax benefits.

> All input welcome, however a priori I would have thought github would be 
> the obvious choice?

In my obviously biased opinion, Github is a pretty poor choice for a
free software project with a reasonable amount of users with strong
feelings about (software) freedom, privacy and security.

Github seems to fail at requirements 2 (a show stopper for me), 4, 5,
6, 7, 8 and 9 and I'm unsure about the remaining ones. IIRC, Github also
lacks support for commit mails with diffs included.

Having said that, there's no reason why all the Privoxy-related things
have to be hosted on the same hosting service.

If you are comfortable with using Github for Mac OS X development
and none of the other OS X developers and contributors object,
you could migrate the OS X stuff at your earliest convenience
(and migrate again if/when Github starts to follow SF's "lead"
or better options become available).

After all, Github currently isn't worse than SF and OS X users
are unlikely to complain about Github being a proprietary service
anyway ...

Fabian