Testimony: GitLab.com related issues

pilou · August 7, 2021, 9:47pm

I just received this response from someone I asked his/her feedback:

While I do own a GitHub account, I was asked to sum up similar issues for GitLab and the like so here it goes:

Many projects are using GitLab, either gitlab.com or their own instance under certain circumstances.

Let’s start with gitlab.com; as for people above I currently have an account I had to create for current $job, but as this one is not really a matter of choice (that’s kinda out of topic here, but I guess it would be a very interesting question nonetheless, to what extent your employer can force you to accept ToS, Privacy Policy and so on for things you would largely disagree with. The consent isn’t really free), for that reason I won’t talk about the usage implied by your job. For the personnal use then, GitLab face a lot of spam, largely because their snippet tool is indexed by search engines, and to a lesser extent, project names, repos and their content. For that reason, it is only possible to sign up to gitlab.com either by using OAuth with a 3rd party identity provider (Google, GitHub and one or two others). I don’t like this solution, because you create dependency between different services that might not be related, and you might want to quit the identity provider without quitting other services, so I tend to avoid that. The other solution is to sign up without OAuth, but you have to go through Google’s reCAPTCHA hassle. For many reason I now refuse to go through this, so it’s a deadlock: no way to sign up to gitlab.com

Some issues on that topic:

https://gitlab.com/gitlab-org/gitlab-foss/-/issues/45684

https://gitlab.com/gitlab-org/gitlab-foss/-/issues/47749

https://gitlab.com/gitlab-org/gitlab-foss/-/issues/46548

It was supposed to be worked on for some releases but seems to have been many times postponed. This means many users, including me, are unable to contribue issues or MR on many FLOSS projects there. One exception to this, F-droid had the great idea to create an anynomous account with public creds they give to anyone asking for them on IRC. This still means someone else went though the reCAPTCHA, which makes it a last resort and not really a win.

Other projects surch as GNOME hosts their own GitLab but makes it difficult to sign up with respect to the users for the same reasons. I could create bug on their old bugzilla, I can’t anymore contribute since they moved to this gitlab, unfortunately.

The author adds that reCAPTCHA is enabled by default on-self hosted gitlab instances.

dachary · August 8, 2021, 7:20am

I’m certain it is possible to create an account without using a third party because I don’t have an account on any of the proposed third party providers. But I do have a GitLab.com account in my name. Going through reCAPTCHA is however required.

The fedeproxy CI runs GItLab CE and does not have reCAPTCHA. Is this about GitLab EE?

pilou · August 8, 2021, 10:56am

I guess the author means that not using a third party wasn’t acceptable for the reasons mentioned before.

It looks like the author is wrong on this point, I didn’t find anything which would disable reCAPTCHA neither within enough repository nor within the sameersbn/docker- repository (besides reCAPTCHA requires an API key, there isn’t a default API key).