@bagder Essentially, #curl commit 0ae0abbe72514a75c10bfc4108d9f254f594c086 broke updating #HardenedBSD packages for certain users who use HardenedBSD behind a fully Tor-ified network (a network that uses transparent Tor proxying).
Those users were unable to update their HardenedBSD systems since the package manager uses libcurl behind-the-scenes. Some of these users live in malicious environments (malicious to human life), with actively-exploited applications.
So, this prohibition had a real negative impact, putting our users in harm's way.
If curl had a way to bypass the prohibition, we would've been able to keep our users safe.
This is why I mention #Radicle: they, too, do not support the .onion TLD by default, but can be configured to provide that support.
Radicle has three options:
Default: No support, .onion domain lookups will fail.
SOCKS support where .onion lookups succeed.
Explicit transparent proxying support, so .onion lookups succeed
#Radicle is an open source, peer-to-peer code collaboration stack built on #Git. Unlike centralized code hosting platforms, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users are in full control of their data and workflow.
In a move that surprises absolutely noone, GitHub now requires users to login in order to browse public repositories (including open source projects). After a few (~10) requests, you get blocked (I can confirm). In order to fight AI scrapers, I guess.
So, GitHub decided to blanket-limit access to open source projects as a defense against the very scourge that they(r parent company) unleashed on the world.
I won't be hypocrite: it's a bit embarrassing, but undeniably satisfying to say "told you so". I moved away from GitHub long ago and I moved all my stuff to Codeberg instead. And so happy I did!
I'm holding the next Radicle CI office hour on Wednesday, May 21, at 16:00 UTC at https://meet.jit.si/RadicleCI (that's about a week from now). I'll be there and can answer questions, and I plan to have a demo of installing Radicle CI.
@dentangle this is great, and very interesting. The other day we were test-driving #radicle for a #p2p forge, but bumped into some issues that await troubleshooting in some spare time.
@mrmasterkeyboard I took it one step further and went for the decentralized alternative. #Radicle (there are a couple more decentralized choices, mind you)
@voidcontext@radicle Signing a commit (with the radicle ssh key) and then pushing it to GitHub is certainly a great way to show the accounts are linked !
As far as I understand, that is only on the project level though - not on the user level.
I would ideally be looking for a generic way for the GitHub user to attest "this is my #Radicle public key and here is something signed by it to prove that it really is mine".
Maybe signing a commit to their "GitHub Profile Readme" though ??
For its 'hackability' as advertised on the project page, and that it is a more lightweight comprehensive codebase in Rust.
But at this moment we are looking into both, using #radicle as-is as a daily driver for our own purposes and #ayllu to integrate with. (Though this is currently on pause).
#Radicle has a different identity system than Microsoft's, so when moving projects over to Radicle it is important to know which GH user the Radicle projects belong to.
What would be a way you would use to link your Radicle and GitHub identities?
(Radicle identity is based on #SSH keys, specifically `did:key`).
Radicle 1.1: Elevating Peer-to-Peer Code Collaboration with New Features and Fixes
The latest release of Radicle 1.1 introduces significant improvements to its peer-to-peer, local-first code collaboration stack, enhancing the developer experience with new CLI commands and critical b...
'/%3e%3cpath%20d='M50.3943%2022.237V39.5876H43.5185V22.7481C43.5185%2019.2029%2042.0411%2017.3949%2039.036%2017.3949C35.7325%2017.3949%2034.0778%2019.5338%2034.0778%2023.7585V32.9759H27.2434V23.7585C27.2434%2019.5338%2025.5857%2017.3949%2022.2822%2017.3949C19.2949%2017.3949%2017.8027%2019.2029%2017.8027%2022.7481V39.5876H10.9298V22.237C10.9298%2018.6918%2011.835%2015.8754%2013.6453%2013.7877C15.5128%2011.7049%2017.9623%2010.6355%2021.0028%2010.6355C24.522%2010.6355%2027.1813%2011.9885%2028.9542%2014.6917L30.665%2017.5633L32.3788%2014.6917C34.1517%2011.9885%2036.811%2010.6355%2040.3243%2010.6355C43.3619%2010.6355%2045.8114%2011.7049%2047.6847%2013.7877C49.4931%2015.8734%2050.3963%2018.6899%2050.3943%2022.237Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_89_8'%20x1='30.5'%20y1='0'%20x2='30.5'%20y2='65'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%236364FF'/%3e%3cstop%20offset='1'%20stop-color='%23563ACC'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
