Gitea Ltd conflicts of interest and the Gitea community

Bonjour,

Back in July 2022 I wrote an article about the potential conflict of interest Lunny had, being both an elected leader of the Gitea community and having signed an NDA with an unknown third party in order to run a contract. The conflict of interest manifested itself when it was revealed on October 25th 2022 that he had created a company and transferred the Gitea domains and trademarks.

Now that Gitea Ltd is in control of the Gitea project, the conflict of interest is resolved: they will ultimately always rule in favor of a solution that best serves their purpose. Just like any other VC funded company, they want to maximize profit. They could be candid about that, hire a dozen developers to work on the Gitea codebase and move forward and send their goodbye to a Free Software community that no longer serves their purpose.

However, since their objective is to maximize profit, it is in their best interest to keep the volunteers currently working on the Gitea codebase. They are free labor and saving the salary of ten full time developers is worth around a million USD per year. This is not the kind of saving a startup would overlook if given the chance.

Maybe Gitea Ltd will never do that but maybe they will: there is no way to tell the future. The first step they would need to keep this free labor around is to try to convince them they have some kind of control over the project, minor decision making power hoping they will not realize it is delegated to them by Gitea Ltd who is in a position to take it back overnight. In other words, they would need to claim that the Gitea community is essentially the same as before they took over.

Of course that would be a lie but it may be convincing enough that Free Software developers believe it to be true. Gitea Ltd would not be the first company doing that, marketing the illusion of a community project to hide their real motivation: getting free labor. I’ve been lied to more than once and it sometimes took months to figure out the hidden agenda.

The best way to expose the Gitea community lies that Gitea Ltd would (hypothetically) try to build is to expose it via the manifestations of the conflict of interests that demonstrate the decision-making process always ultimately is in favor of Gitea Ltd interests. I will track these conflicts of interest in this topic so they can be referenced by developers who would need proof that the Gitea Community has no control over the project.

Cheers

Early 2022, taking control of the Gitea project by owning the domains and the trademark is the first manifestation of a conflict of interest where a decision is made in favor of Gitea Ltd and to the disadvantage of the Gitea Community who lost control.

Gitea Ltd is in control of the domains and has been in a position to collect the IPs of all Gitea instances that ping back for checking newer versions daily. This information has commercial value: it is a pulse and geolocation of the majority of Gitea instances since it is the default.

A pull request changing the default for privacy reasons received comments from the Gitea Ltd shareholders advocating against it.

The potential conflict of interest was not mentioned: the discussion was exclusively on the balance between security and privacy.

This is not a manifestation of a conflict of interest. But it is a conflict of interest that was not identified as such.

This is a draft of a page to keep an inventory of conflicts of interest around Gitea. I think it would help Gitea contributors who are currently debating about what the apparition of Gitea Ltd changed in the project. There will be good things in the future, I’m sure. But there will also be a steady stream of manifestations of their conflict of interest.

The list should also show the conflict of interest Codeberg has so they can compare and decide where they prefer to be.


TL;DR:

Comparison of Gitea and Smithy, on topics related to conflicts of interest.

| Topic | Gitea | Smithy |
|---|---|---|
| In the interest of the general public | No | No |
| Democratic | No | Yes |
| Privacy first | No | Yes |

Conflicts of interest and their consequences

In the interest of the general public

A Free Software project goal could be to give priority to the needs of the general public, as opposed to a particular organization. Gitea is controlled by the Gitea Ltd for-profit company and Smithy is controlled by the Codeberg e.V. non-profit association. In both projects there is a conflict of interest between the needs of the general public which includes the community of volunteer developers and the needs of the organization that controls them.

  • No: The goal of Codeberg is to run a Smithy instance for the benefit of the general public.

  • No: The goal of Gitea Ltd is to maximize profit.

Democratic

Volunteer developers may be contributing in a democratic environment where they collectively are in control of the Free Software project. If there is no democratic environment, they have no control over the project.

  • Yes: Smithy is controlled by Codeberg which is a democratic non-profit organization.

  • No: Gitea is controlled, via a trademark and ownership of the domains, by Gitea Ltd which is a privately owned for-profit company. See the “Trademark and domains ownership” section below.

Privacy first

When privacy comes first, the software can be run out of the box with no risk regarding privacy. Otherwise it may contain features that may compromise the user privacy for practical purposes, such as enhancing security.

  • Yes: Smithy has a privacy first policy

  • No: Gitea Ltd does not have a privacy first policy. A potential conflict of interest has been identified, see the “Access to the domains access logs” section below.

Conflicts of interest analysis methodology

A conflict of interest is when a person (individual or organization) has to choose between their own gain (financial or power) and the benefit of others. A person involved in a Free Software project may face no conflict of interest, very little or a lot: it is a matter of degree. It is worth identifying them when they have a significant influence on the evolution of the project.

Conflicts of interest:

  • Are identified: when a topic has the potential of a financial or power gain for someone involved in the project (example: the number of stars of Gitea on GitHub has a positive influence on the reputation of Gitea maintainers and may help them get jobs or create companies)
  • Are declared: when someone publicly stated their conflict of interest on a given topic (example: Lunny announced publicly being a shareholder of Gitea Ltd, a for profit company and at the same time being an elected member of the Gitea community. The two organizations have diverging goals and some of Lunny’s decisions may be in favor of Gitea Ltd and detrimental to the Gitea community)
  • Have potential: when someone could have a conflict of interest if they participate in decisions on a given topic (example: Gitea Ltd could oppose Gitea leaving GitHub because it harms its reputation)
  • Have manifestations: when someone made money or gained power after making or influencing a decision at the expense of others (example: Gitea Ltd took over the Gitea project and the Gitea community no longer has control over it)

If a conflict of interest cannot be resolved, it can be mitigated if the person abstains from participating in the decisions where they can manifest (example: Gitea maintainers should not speak against leaving GitHub because the reputation of the Gitea project on GitHub is an incentive for them to do so).

Gitea: inventory of the conflicts of interest

Trademark and domains ownership

  • Identified: the person who owns the trademark and the domains is in control of the Gitea project
  • Potential: it was never detected, primarily because the Gitea project governance promised the ownership of the project was under the control of democratically elected leaders. There has been no indication the moral obligation of the owners would not be fulfilled.
  • Declared: October 2022 when Gitea Ltd announced ownership of the trademark and domains and declared itself steward of the project.
  • Manifestation: Gitea Ltd takeover of the Gitea project
    • Financial win: Gitea Ltd gets funding and commercial contracts
    • Power loss: The Gitea community decisions can all be overruled by Gitea Ltd
  • Mitigation: none

Access to the domains access logs

  • Identified: the person who has access to the logs of the web site to which weekly updates defer can use this data to evaluate the number of installed Gitea instances as well as their geographical location. It can be used to figure out in which region it would be best to develop a commercial activity. It can also be used to cross reference Gitea instances run by opponents of an oppressive regime.
  • Potential: Gitea Ltd owns the domains and may have used that information to gain a commercial advantage. They could be opposed to changes that favor privacy if the outcome is that the accuracy of the data collected lowers the commercial advantage they get from it.
  • Mitigation: none (shareholders of Gitea Ltd advocate against privacy in this PR)

The interest of the organization in control comes first

  • Identified: the goals of Gitea Ltd may be preferred to the goals of the general public

Smithy: inventory of the conflicts of interest

The interest of the organization in control comes first

  • Identified: the goals of Codeberg e.V. may be preferred to the goals of the general public