Uh oh. Does this 0-day affect #Forgejo and/or #Gitea as well?
#Gitea
@joat @malwaretech I set up a gitea server earlier this year on a VM at hetzner, and it has a much higher uptime than github (hasn't been down yet). I didn't expect that. Reason was we have 150+ private repos, didn't want to pay bitbucket, because we didn'tt use the UI. much. Also to my surprise, i do use the #gitea UI sometimes to find repos (now approaching 200 I guess).
Si vous utilisez Gogs, vous avez un gros problème
https://fed.brid.gy/r/https://korben.info/gogs-faille-zero-day-rce-alerte-migrer-gitea.html
For hosting our internal source code repositories, we're using #gitea. There are a bunch of other options and all of them seem to mimic github's look and feel. Gitea was the one I found out about first some years ago and it stuck. It has an issue tracker and works well for doing pull requests and reviewing them online.
There's a commercial cloud hosting offer and an enterprise option but we're self-hosting. It's just a single Go binary: https://about.gitea.com/products/gitea/
I've been working on improving the documentation for #bovine the the #staticwebsite server for @forgejo and @gitea, you can find it here: https://bovine.squarecows.com/docs/
Tác giả đang cân nhắc chuyển từ Gitea sang Fogejo sau phiên bản hard fork 2024. Hiện tại họ dùng Gitea với Docker và Woodpecker CI để deploy web tự động, xử lý nhanh (8 giây). Thắc mắc: Fogejo tích hợp tốt với Woodpecker CI không? Cộng đồng có đáng tin? Di chuyển repo có dễ dàng? #Gitea #Fogejo #SelfHosting #PhanMemMoi #TuDongHoHoa
https://www.reddit.com/r/selfhosted/comments/1ph3byo/gitea_to_fogejo/
🎄 Natale arriva in anticipo con i @devol!
Da oggi vi regaliamo una casa tutta europea per i vostri progetti open source: https://forgejo.it 🚀
#Forgejo è il fork di Gitea libero, europeo e sviluppato da una comunità, mentre #Gitea è diventata una società privata con sede in Asia e non è più interessata al @fediverso
Per questo invito chi ha progetti su gitea.it o #github a chiedermi un account forgejo, basta una email e username!
👉 Il mio profilo forgejo federato è questo: @filippodb@forgejo.it
Anoche hice funcionar el actor de ci/cd en #gitea. Otra razón menos de depender de github y sus nefastas dueños.
Commit 05: Heute haben wir uns gedacht, schreiben wir mal die Geschichte von #Gog, #Gitea, #Forgejo & #Codeberg auf. Voilá:
https://y.lab.nrw/jek25-05 (#Hedgedoc)
\__
#wartenauf39c3 #jek25 #cccRegio #OpenSource #39c3 #FLOSS #FOSSEAM #Adventskalender @Codeberg
🚀 Bovine Pages Server v0.1.1 is here!
New features for self-hosted static sites:
🔒 DNS TXT Verification - Prevent domain hijacking with cryptographic proof of ownership
🔀 Custom Domain Redirects - URL redirect system with .redirects file support, automatic Traefik middleware creation
Self-host your static sites with Forgejo/Gitea - no vendor lock-in, full control, automatic HTTPS via Traefik.
🔗 https://code.squarecows.com/SquareCows/pages-server
#OpenSource #SelfHosted #StaticSites #Forgejo #Gitea #Traefik #WebDev
稍微的探索了一下,发现现在的这个情况还不是特别明朗。
首先是这个#tangled 基于 at protocol,它分多部分组成,包括一个个人信息数据服务PDS,一个界面比如说bluesky或者tangled。其实自己最想host的部分其实就是自己的数据,包括发送的帖子,保存的图片等等。而如何利用PDS的数据库去展示一些信息,则是由这个界面控制的。所以如果想试试at protocol,最先建议入手的是自建PDS。
然后也稍微了解了一下基于activitypub的代码仓库。现在有一个activitypub协议的扩展叫#forgefed (https://forgefed.org/),但是大家的开发都不是特别积极。其中#gitea 似乎完全没管,#forgejo 正在开发两年了,现在依然遥遥无期。偶然还了解到了gitea和forgejo的故事,原来是gitea在几年前想要开始搞商业化恰饭,导致一群人出走,fork了gitea创建了forgejo。有点像前一阵子alist和openlist的事情了。
还有另一个去中心化的git合作项目叫 #gitworkshop (https://gitworkshop.dev/)基于#nostr ,它似乎不负责托管代码,只是给不同的代码托管平台共享一些信息,比如说issue的讨论,pr等等。
了解了那么多,确实有点惊讶git如此一个去中心化设计的系统居然没有一个去中心化/联邦的平台activitypub的实现,目前也只有一个at protocol的tangled。
Ok folks #bovine the #forgejo #gitea static web pages server is almost ready for release. One more feature to build and test and this is to do some DNS validation to stop a bad actor registering domains in the pages router! a very early preview release can be found here: https://bovine.squarecows.com #traefik
EDIT 3: I have Anubis installed and configured the way I want now. I would recommend it, the .deb works great. Don't forget to set POLICY_FNAME like I did :blobfoxfacepalm:
cool, the LLM scrapers have found my #Gitea instance
anybody have advice about how to keep the bastards at bay? I would love to run Anubis, but I don't want to introduce Docker to this server.
EDIT: It seems that Anubis is now shipping a .deb, so I'll give that a shot.
They even use protecting a Gitea instance as their base-case in the docs
https://anubis.techaro.lol/docs/admin/native-install/
EDIT 2: setting up Anubis was pretty simple. I can't seem to get challenges issued even to the `minimal-suspicion` threshold, but I do see challenges issued against the abusive requests, so I should be okay now.
Marre des robots IA qui s'invitent sur votre Gitea ? ✋
Protégez votre instance avec mon robots.txt anti-IA, facile à déployer. Votre code mérite le respect !
Tous les détails ici : https://wiki.blablalinux.be/fr/robots-txt-gitea-blocage-ia
Today's #HomeLab routine apt package updates results:
- #Gitea CI/CD runner broken
- #Traefik is broken on two environments
And that was not a #DNS. #Docker is the reason.
#Updates #SelfHosting #SelfHosted #Selfhosting #HomeServer #ServerMaintenance #Maintenance
Gitea 1.25.2 is released
We’re excited to deliver a fresh round of important fixes, security enhancements, and overall polish to make your Gitea experience even smoother. We highly recommend upgrading to this version.
Check out the full release notes: https://blog.gitea.com/release-of-1.25.2/
#OpenSource #Gitea
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst