Missing Legal/Terms of Service at https://greenlock.domains/app/legal.html #2

Closed
by Ghost opened 6 years ago · 14 comments
Ghost commented 6 years ago

The link is missing https://greenlock.domains/app/legal.html.

Can we please move this project back to GitHub?

I do not trust a third-party hosting, but I do truly appreciate your support on this project and continued efforts to maintain it yourself.

jshaver self-assigned this 6 years ago
Collaborator

Thanks for creating the issue about the legal link. I'll fix it. In the meantime you can see the legal information at https://greenlock.domains/legal.html

The git repository is hosted by the creator of the software, @coolaj86. I'm not sure I understand why you would rather trust a giant corporation (ie: Github/Microsoft) than the person who wrote the software and is maintaining it (who you would have to trust anyways). In this case, the real 3rd party would actually be Github/Microsoft, not git.coolaj86.com.

I don't mean to berate you for your question. I often come across that way in text, and if I do in this case, I apologize. If you have a concern about the repository being hosted here instead of github, please open another issue and go into deeper detail about your concerns so we can try to understand them better.

We know it's not the typical way of hosting repositories these days, but we think it's a better model for the users and the developers of the repos. Please know, we are not likely to move the repositories back to Github as a result of the opened issue. We would be more likely to modify our hosting setup, build a service to help address the concern, or decide that it is an acceptable drawback than to move the repositories back.

edit: PS. I'll let @coolaj86 go into why the repos were moved in the first place, if he would like.


Don't worry - I expected a response like this, and I apologize for not providing more detail for my reasons for posting this issue.

There are three main reasons why I am concerned it is not hosted on GitHub:

  1. DNS - I would trust GitHub over coolajs86.com's DNS management. It is not that I do not think he uses best-security practices (he most likely does).
  2. Contributors - I think that you would find yourself with way more contributors (I myself would gladly help contribute, I'm a member of Express/Koa and plan to implement this into my framework and share blog posts and code snippets using these packages) if you were to put it on GitHub. Signing into a third-party app (Gitea) with GitHub OAuth is not very user-friendly for GitHubbers (I know it only asks for public access, but it would be nice to just be able to go to a Greenlock org on GitHub to file an issue and keep track of it - since that's where every other package is maintained).
  3. History - I understand there was some political/non-sense that happened in the past, and I thank @coolaj86 for restoring the old versions (some even from NPM versions not publicly hosted on Git anywhere) and reviewing forks (and their updated commits/patches) into one concise organization for LetsEncrypt w/Node. However I don't think that because of this one incident that we should say GitHub is a bad thing.
Owner

Thanks for the report.

I'm pretty committed to 1st party hosting from now on considering my experience with Github and my former startup.

Here I know it will always be available and I won't have political or legal issues.

In fact, I'm really surprised that more projects still use github when gitea requires almost no setup and makes it not just possible but easy to embed google analytics, build a community that you have direct access to, and have your own branding.

If you want to get away from 3rd party hosting, Gitea gets my full endorsement:
https://www.youtube.com/watch?v=dTvTBlzKqgg


There's a fourth reason why as well, and that's because Gitea has horrid Markdown support (hence why my post above got formatted improperly).


Also there's a link on your site that has alt-text of GitHub and an OctoCat but it points to Gitea https://coolaj86.com/ - just so you know!

Owner

DNS

I host my own DNS, so when Akamai is getting DDOSed and the whole internet is down (or Github, as happens several times a year), this is still up and ticking.

Contributors

This was a concern that I had at first, but the quality of contributors we get self-hosted is far higher than we ever got before.

OAuth

The OAuth sign-in sucks. Terribad. That's an open issue. I'll ping the designer I've been working with again about this to see if we can get something to implement here immediately after and pull request to gitea soon after.

Github isn't terribad

Gitea is just so much better in almost every metric that I care about. The OAuth thing I do want to see a resolution to.


@coolaj86 I understand that, but unfortunately if something were to happen to you - what is your back-up plan? Does someone else have access to your DNS management and admin of your servers/domains/hosting? What happens if something happens to both of you? I trust GitHub for this reason alone.

Collaborator

If something happens to AJ, all these repos can be forked and hosted/managed anywhere else (even github!). So, I'm not sure why this would be a big concern.


There isn't an NPM organization managing the project though, there's currently only one collaborator on NPM on all these packages as far as I can tell.

e.g. https://www.npmjs.com/package/greenlock-koa


Just having a third-party manage my SSL certificate + middleware that is at the top-level of my app is a huge security concern.


I also just tried to edit a comment here and save it and couldn't, here was JavaScript in console... :sad:


I'd gladly sponsor this project if it was all moved back to GitHub.

Owner

I would rather address your concerns in relation to publishing our team hierarchy and security posture than moving to github.

Also, I upgraded to v1.4.2, which has the comment issue fixed.

Collaborator

At this point we have added multiple users to the new organization on npm and are continuing to move forward with better organization. Closing this ticket for now. Thank you for the input and any further input you have on how we can improve is truly appreciated. We know we do it differently than most teams and while we aren't interested in switching to the usual way of doing things, we are genuinely striving to solve any pain points or concerns along with our way, as we are able. We encourage you to open a new ticket at any time.

jshaver closed this issue 5 years ago