Very good idea!

1.2 in February, 1.3 in April, 1.4 in June, 1.5 in August? should be enough time to implement all that 😄

If you haven't seen it, fantastic and insightful comment supporting your approach to self-hosting only when ready: https://lobste.rs/s/gokjbo/gitea_1_1_0_released/comments/dg9pwe#c_dg9pwe

@lunny Now that I think about it (thanks @zellyn for that link 😂 ) Why do we need oauth-provider, complete webhook support, api-documentation, and a complete API for self-hosting?

OAuth Consumer is required (it's merged AFAIK) so people can login using github auth.
Drone only uses push hooks, so why would we need the other?

As for API, not sure why self-hosting requires that at all TBH :)

I agree about trimming that list. Earlier self-hosting will very likely help us setting priorities better :)

@bkcsoft maybe we can setup a hosted site and have a try.

@bkcsoft I updated the issue, do you mean that?

-> OAuth provider (#27) is not closed

@ekozan not closed, but scratched from the list of "things we need"

Added "Repository Size Limits" since we don't have unlimited storage on the servers...

My proposal for limits:

• 0 Orgs
• 3 Repos
• 1GB/repo

@bkcsoft Did you mean it will be a public service for anyone?

Maybe, maybe not, but if it becomes a public service we can't have it unlimited ;)

I think dogfooding is important enough that repo size limits may not need to be in the critical path for self-hosting gitea. In the first few days after migrating to gitea, I've run across several feature omissions that made me think self-hosting will help focus effort on getting those things done. Gitea is already a fantastic, highly usable, high-performance tool -- it's a real shame you aren't using it yourselves. ;-)

Rather than depend on hard size limits, it might instead be helpful to think about how the self-hosted server is going to be administered, who's going to police bad behavior, and what tools they will want. For instance, contributor forks of the gitea project ought to be supported on gitea's own server. This exposes the risk that a user forks gitea, then pushes warez to their fork. Size limits might help prevent pushing large binaries, but might not help with a list of passwords or credit card numbers. A tool that might help in that case is something that detects alien files by diff line count or rolling hash.

A nice side-effect of having a diff-size tool available is that the code could be available as an option to run during pushes to flag legitimate commits that should have been broken up into smaller pieces anyway. (Related discussion for ways to do this: #3658 (comment).)

I'd bet there are a lot of other subtle things that will need to be addressed for public-facing servers. It might make sense to use a separate "public hosting" master issue or milestone to track these things.

Speaking of milestones, should this issue be added to 1.5.0?

@stevegt No, since I think that not all of the PRs will get merged / resolved at 1.5.0.

I removed Repository Size Limits (#3658) from the issue since it will not affect Gitea hosted gitea.

I removed Repository Size Limits (#3658) from the issue since it will not affect Gitea hosted gitea.

Great! I'm positive that the sooner Gitea hosts itself, the faster will the whole project profit from real-life experiences, and gain trust and confidence :)

@lafriks mentions in another thread:

Self-hosted would probably require additional funding/sponsorship to pay for additional virtual machine

And @lunny asks above:

@bkcsoft Did you mean it will be a public service for anyone?

Would it be feasible to combine those thoughts into a "How about setting up an online Gitea service, where people pay for (say) private repos?".

If done ok, that should generate the funds to pay for itself + the public repos.

As a concept, it seems to be fairly well travelled ground. 😄

To promptly add to @justinclift idea; the timing might be right with the current news of Microsoft taking over GitHub.

@lafriks mentions in another thread:

Self-hosted would probably require additional funding/sponsorship to pay for additional virtual machine

I'm confident that there will be funding from the community or sponsorship from organisations to make gitea hosting itself possible. Since Gitea is resource-friendly (yes, GitLab, I'm looking at you) this won't be a big deal.

@mxmehl so far there have been 5 individuals that have contributed since the opencollective was open last month: https://opencollective.com/gitea

@justinclift as Gitea is purely community for driven there is no way we could set up paid private repositories as that requires creating company, dealing with taxes, and have full time staff to deal with technical problems

@mxmehl so far there have been 5 individuals that have contributed since the opencollective was open last month: https://opencollective.com/gitea

@techknowlogick Didn't know this page. Now it's 6 ;)

@lafriks Well.... there are Community projects around - for both software and non-software things - which seem to manage themselves ok, including financial matters, things they pay for, staff (where needed), and so on.

That being said, it does require a level of will to make it happen + keep it going. The people in any needed roles also need to be good custodians (trustworthy, reliable, clueful).

If there's no interest, then it won't go anywhere anyway. Ditto if no suitable "custodian" types can be agreed upon.

From the Open Collective link mentioned above, it looks like some initial seeds are in place. It demonstrates there are people around who are considered ok as custodians. 😄

And I'm a Chinese, and maybe you should be careful. Someday I may stole your codes. :)

I think I may have that plan when I started Gogs with other 3 Chinese people on 2014.

It wasn't my intention to switch away from my instance but I don't like that this project relies on infrastructure donated from a Chinese company. You don't really know what they do in the future or if they demand to cut their donation if you don't implement XY or do ZA or if they just go away some day.
You probably know what you are doing and my concerns are just to cautious but you'll never know.

That's a totally idiotic reply.
Now i might be more open minded as i'm Dutch, we kinda embrace that. You should try it too.

As long as this project is open source, there is no risk in my opinion for anything you said.
And even if they do, which probably means forking Gitea, they are fully in their right as the license simply permits it.

The US however... let me remind you that Github has limited their features now due to the "trade war" between the US and China. If anything, the US is more of a risk for free software development at the moment then China has ever been. Heck, @lunny is probably even effected on this very repository due to the trade war.

@lunny and the team developing Gitea. Keep up the awesome work! :)

And gitea.com's first purpose will not become as a service like github.com or gitlab.com. It will only host gitea itself and we recommend you set up yourself gitea instance in fact.

Is it something you may consider in the future ?

As long as this project is open source, there is no risk in my opinion for anything you said.

The core project has no risk but the infrastructure does. There are no guaranties that the unknown unreputable donor will be there next month no matter if he comes from anywhere or China. GitHub will be here for a long time and won't go anywhere that quick.

Also if the entire infrastructure moves to China the entire user base will suffer due to the difficulties between the US and China.

@lunny Regarding e-mails taking ~10 minutes, in my case my company server has an anti-SPAM measure that is a "cool off" timer (20 minutes here) within which it will temporarily reject any mails from unknown sources. So, if it's the first time a user (me) receives an e-mail from that domain (e.g. gitea.com), then my server will respond with "try later" and remember that user/domain combination. The next time gitea.com attempts to deliver my mail within the expected time, the server accepts the message.
Obviously we have some "trusted sources" configured, like GMail, Hotmail, etc. that don't need a cool-off period.

People, if you want more infrastructure spread around for every region then please vote with your wallet at https://opencollective.com/gitea

@SuperSandro2000 Are you aware that Gitea is not a service but a product? You download the sources, compile Gitea in your servers and install it. No connection whatsoever required to Gitea's hosting.

if they demand to cut their donation if you don't implement XY or do ZA or if they just go away some day.

There are no guaranties that the unknown unreputable donor will be there next month.

A couple of responses to this: We wouldn't host on an unreputable company, and the Gitea leads have placed our trust in this company. If they stop providing sponsorship, or stop being a company we have options available to us, and can move elsewhere.

the entire user base will suffer due to the difficulties between the US and China.

A large part of Gitea team is from China (but we also have maintainers in all other continents too), and if development team can't access code then the user base will suffer, which is why we need development team to be able to access code. We build Gitea so everyone can use it, even users who are banned from GitHub (after recent ban wave from GitHub a lot of those users started using Gitea).

As others have mentioned, there are mirrors of the codebase on other instances around the world, and thanks to git there is a ledger of all changes made to code so everyone can have visibility into all changes.

A note on transparency: I have locked this thread. I don't want to stop this conversation, however it should be moved to a different place as this github ticket is about what enhancements need to be done with software for self-hosting (rather than where we are hosting).