Yet another Hacker News

30 points ciwolex 1 hour ago 37 comments

I have a few projects on Github. I am receiving a lot of spam PRs and requests from vibe coders and bots. Most of them to prop up their profiles. The stars are obviously exaggerated too.

What other platforms are you using for your projects?

comrade1234 1 hour ago | parent

Git is pretty simple to host yourself. For literally decades I've used git and gitolite to host git for me and a revolving team of developers.

But if you want it to be public though where anyone can access/fork it then you have to deal with "spam".

fhdkweig 1 hour ago | parent

I'm not familiar with git, but can you post a read-only version publicly so others can still access all the commit history but not be subjected to pull requests?

JTrehan 1 hour ago | parent

If you have somewhere to host it you can go with https://forgejo.org/ and have control over everything.

ryandrake 48 minutes ago | parent

Git doesn’t even need to be “hosted” in the traditional sense. The whole point of it is that it is distributed and you don’t actually need a centralized source of truth.

1313ed01 1 hour ago | parent

That's pretty much what git over https does by default (is it even possible to do read-write to a git repo over https instead of ssh?).

https://git-scm.com/docs/http-protocol

not_kurt_godel 1 hour ago | parent

> is it even possible to do read-write to a git repo over https instead of ssh?

Yes; it's not only possible but very common: https://docs.github.com/en/get-started/git-basics/about-remo...

(IIRC it is in fact actually even sometimes preferable from a security standpoint; or at least that's the tentative conclusion I've reached under a few specific circumstances over the years, although the exact details elude my memory at the moment.)

8ig8 1 hour ago | parent

Fossil

https://fossil-scm.org

ciwolex 1 hour ago | parent

How do you deal with bot traffic and traffic from AI that's trying to get training data from your codebase

ben_w 49 minutes ago | parent

Same way you would for any other server. And I mean that 100% literally, given that at the command-line level the remote is simply a URL: https://git-scm.com/docs/git-remote

comrade1234 11 minutes ago | parent

Only developers that have sent me their public ssh key have access to

ruuda 1 hour ago | parent

Codeberg

sixtyj 1 hour ago | parent

PROJECTS: 608267

It seems to be alive.

FabCH 1 hour ago | parent

Codeberg hosts some decently high profile projects.

It’s probably the one to go for.

Consider donating for their hardware costs. They are completely transparent about their costs and where the money goes.

ciwolex 1 hour ago | parent

That's awesome, I didn't know they went to that level of transparency. I think this is a strong consideration.

tocariimaa 1 hour ago | parent

Codefloe

ciwolex 1 hour ago | parent

I think one important factor would be still being able to interact with a community of people who care for software and would like to put genuine thoughts. Whether it be for submitting bug reports, issues, PRs or security reports. Of course other platforms are not diverse as GitHub, it would be nice to see which other platforms are attracting such people. This in turn has a higher chance of interacting with such people.

sixtyj 1 hour ago | parent

Gitlab

rurban 1 hour ago | parent

Pretty easy to setup a PR block for anybody you dont like. Like every other people. Or new people

cobertos 1 hour ago | parent

Related question, is there a web-based self-hosted git replacement that's _light-weight_ (i.e. resilient to scraping)? Should have things like file view, file browser, etc but is not taxing on the server.

motoroco 1 hour ago | parent

gitea runs well on a low end server in my experience. self hosting on hetzner and it's somehow the holy trinity of cheap, fast and reliable. I previously (years ago) self hosted gitlab but I remember it being very slow which was the reason I moved on

xrd 1 hour ago | parent

Forgejo. A single tiny golang binary, I think about 200mb. It has 75% of the functionality of gitlab with 5% of the resource requirements. I migrated to it and have never missed gitlab.

mfenniak 57 minutes ago | parent

Forgejo is lightweight relative to some other options, but it is not resilient to scraping. Scrapers can access, commit-by-commit, each individual file, each file's "git blame", and each commit's repository archive... and they do. Most public Forgejo instances need to rely on a reverse proxy like Anubis or Iocaine in order to prevent server resources from being exhausted by bad actors. Or require sign-in for all access.

https://codeberg.org/forgejo/discussions/issues/320

sneak 2 minutes ago | parent

I like Gitea.

unsungNovelty 1 hour ago | parent

sourcehut.org would be my choice. Drew is pretty adamant about stuff and his morales. You will dislike somethings (UI and some policies) but will like majority of the things (tech like CI/CD etc). It's OSS and can be self-hosted as well. But I think drew fighting LLM scrappers on our behalf is good for us. It's also cheap and should progressively improve going forward.

It's my long term plan. And the project and company is setup in a way to be here for the long game. So, I am progressively moving my projects (private and in small numbers, but still...) from gitlab to sourcehut over this year or next.

Link - https://sourcehut.org/

rolph 1 hour ago | parent

New repository settings for configuring pull request access [feb13-2026]

https://github.blog/changelog/2026-02-13-new-repository-sett...

drakmail 1 hour ago | parent

Self hosted forgejo is pretty good for me

ratg13 59 minutes ago | parent

Set up a GitHub action to auto-close any pull requests from anyone not on an approved list.

Leave a message in the pull request that if they want to argue their case for a pull request they can send a message through a communication channel of your choice, and say that anyone sending a message with AI generated text, even to help with language and grammar will be banned.

lostmsu 55 minutes ago | parent

Not sure how the options suggested in this thread except closing the PRs to collaborators only are going to solve spam problem. Obscurity?

senorcrab 55 minutes ago | parent

Codeberg.org is really great.

Also I recommend self-hosting Gitea for private projects and backing-up public projects

shimman 46 minutes ago | parent

I use forgejo myself but both are great choices. Self hosting has improved dramatically over the last decade. So many things that I would never think we'd have access to, like open source PaaS software on-par with what VC companies offer (dokploy, coolify, or komodo).

maxdo 52 minutes ago | parent

Move it to private GitHub repo. Really weird question if you open to public , pr is what’s expected .

jasonriddle 52 minutes ago | parent

It depends on what you are looking to get out of the next platform.

For me, I'm not interested in the social aspect of coding anymore, so I have a Synology NAS running a git server accessible via ssh and I push my code there.

I use klaus (https://github.com/jonashaag/klaus) as a read only git web ui. My NAS is connected to my tailscale network so it's easy to view things on the go. It's a simple setup and works great.

ElectronBadger 51 minutes ago | parent

Codeberg.org

ryandrake 45 minutes ago | parent

This is evidently not a popular opinion, but git repositories don’t need to be hosted on any platform. Your local repo is a complete copy and can be pulled and pushed from and to. If you really want a backup or “source of truth” copy, you can clone it anywhere you have shell access. We make so many simple things hard unnecessarily.

iLoveOncall 17 minutes ago | parent

If this was a viable option, OP would just private his GitHub repos, but it's pretty obvious that he wants to make them available publicly.

xeonmc 17 minutes ago | parent

You can disable PRs and Issues on GitHub. Though still good to migrate away for reliability considerations.

ctdinjeu8 4 minutes ago | parent

Today in: Non-issues