this post was submitted on 29 Mar 2024
10 points (72.7% liked)

Open Source

31072 readers
763 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 
  • Can I opensource it in a way where changes is not open to the public?
  • I have google verification file on my git, is it ok to put it in the public?

The platform is gitlab.

all 18 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 7 months ago (2 children)

Open Source is sometimes described as "anyone can contribute", but that's an oversimplification. Open Source projects always have a gatekeeper or small community of gatekeepers who decide which contributions are actually incorporated into the project and which are rejected as not up to snuff or straight up bad ideas or whatever.

That's what you meant by your first question, right? Not "how do I hide the code of future changes" but "how do I retain control over what code is added to my repo", correct?

Even if you meant it the other way, you could theoretically do that. Open Source one version and then never release any newer versions.

[–] [email protected] 2 points 7 months ago (2 children)

No, I meant that I wanted to hide old commit history.

[–] [email protected] 8 points 7 months ago (1 children)

Ah! Yes. No reason why you couldn't. It would require making a new repo, copying the files into the new repo, and committing in one big commit before pushing to gitlab, but yeah. Definitely doable.

(I basically always do this myself. I don't start the Git repo until I want to Open Source it. So when I first Open Source it, it's a "complete" (or at least "minimum-viable-product") project and there's only one commit. Every commit I make and push thereafter is public, but there aren't any from before my first push/publish.)

[–] [email protected] 9 points 7 months ago (2 children)

It's worth noting that you can rewrite history after the fact with Git

[–] [email protected] 2 points 7 months ago

...if you hate anyone who might have a clone that they want to pull to later.

[–] [email protected] 1 points 7 months ago

Force push main with one giant squash commit.

[–] [email protected] 7 points 7 months ago (1 children)

You can always just reset your git history:

$ git reset [your first commit hash]
$ git add .
$ got commit -m "Collapse git history"
$ git push -f
[–] [email protected] 2 points 7 months ago

You'd have to collapse all branches not just one, and remove all tags, in order to clear the whole graph.

And of course you have to be allowed to – GitHub can have protected branches, protected tags, and force push protection.

Assuming you're the repo owner and can do all that it still would't affect other people's already existing clones, only new clones.

[–] [email protected] 0 points 7 months ago (1 children)

To me open source means you have access to the source code. You can choose to modify it and let the author know you modified it. It’s up to the author to decide if they want to implement the changes.

[–] [email protected] 1 points 7 months ago

The Open Source Iniative has a particular definition of "Open Source" that includes a lot more things than just "the source code is available." I'll admit that there is a certain extent to which the OSI's definiteion is implicit. For instance the OSI wouldn't consider a license that didn't allow recipients to sell the code for profit, but that bit's implicit under "6. No Discrimination Against Fields of Endeavor."

(I should mention that there's nothing in the Open Source definition indicating that Open Source software repositories can't have gatekeepers or anything. That's expected.)

I wouldn't use the term "Open Source" (and I kinda like to capitalize it to make it clear what definition I'm using... though I'm not 100% consistent about it; maybe I should start being so) to refer to any software that didn't meet the OSI's definition. So, for instance, I wouldn't refer to Louis Rossman's Grayjay (which disallows for instance sale and derivative works) or Meta's LLaMa as "Open Source" despite the fact that the source code is publicly available for no charge to anyone who cares to download it. (The term "source available" certainly fits applications like Grayjay and LLaMa's engine, though the term "Open Source" doesn't apply to LLM weights.)

And the distinction's important to me. I don't exclusively run Open Source (or Free/Libre) software, but there are a lot of specific contexts in which I do only use Open Source software. For instance, I don't run any proprietary (by which I mean "non-FLOSS") apps on my smartphone. And Grayjay doesn't count in my book, and until/unless it one day does (or I quit abandon that particular restriction), I wouldn't consider using it on my smart phone.

Your point that Open Source software contributions basically always have to be approved by somebody before the they get into "the" repository (the most canonical one that "everyone" pulls from, though you can totally make your own derivative work and publish it if it's truly Open Source).

[–] [email protected] 8 points 7 months ago* (last edited 7 months ago)

The whole point of opensource is making your source code public. Even if you can disable history viewing in GL, someone can still mirrors your repo and diff it for changes. The only way to not let people see changes is simply not open sourcing it.

Private submodule can help hiding some of your code and configurations, but this only helps hiding parts of the repo, including its history. You can't preventing people measuring changes of your webpage once online as anyone can just archive it.

[–] [email protected] 2 points 7 months ago (1 children)

You can use a public repo for your code. What do you mean changes to the public? If its other people changing your website, all that access is up to you. Publishing the code doesn’t mean letting anybody else submit changes to it.

What is a google verification file? Doesn’t sound like something youd want in a repository

[–] [email protected] 2 points 7 months ago

It's likely a Google Console verification file to show you own the domain (e.g. to make changes to search results). It has to be published to the site with a random url that only the owner and Google know, but it's still a public file. I don't think it's an issue if it's stored in source as Google will query the site and not the source for that file.

If OP is concerned they can also change the verification method: https://support.google.com/webmasters/answer/9008080?hl=en

[–] [email protected] 0 points 7 months ago (1 children)

Changes like contributions to your repo? Or changes like people can fork and modify the source code themselves?

[–] [email protected] 1 points 7 months ago

I mean the old commit history.