There’s a particularly toxic combination of ignorance, laziness, NIH and hubris that you need to make a mistake like that, and I want it nowhere near my servers.
Now, I admit, I'm not one to get carried by the drama in the FOSS sphere (still use Gitea).
This is a bit of a “bell curve meme” situation. I’m extremely about the drama, and I’m back to Gitea. The Forgejo guys are good at branding, but I’m not seeing great project stewardship. I’ll take my chances with the commercial guys for now.
There was something wonky with the mapping of OIDC attributes to user properties, so I decided to look at the seahub source and see if it would be easy to fix.
Turns out, the whole thing is held together with hope and spit. Literal beginner code.
It’s very possible. If you carefully manage your attack surface and update your software regularly, you can mitigate your security risks quite a bit.
The main problem is going to be email. I have found no reliable way to send email that does not start with “have someone else do it for you” or “obtain an IP block delegation”.
The trouble with Cloudflare is that there is just one. It’s one of the best registrars out there, the only free/cheap and usable DNS host (have you seen what Route 53 charges per zone??). That’s without getting into the whole tunnels and DDoS mitigation end of things, which is nearly unique at any price point.
The problem with Cloudflare is that we’re missing three other Cloudflares to move to if they decide to pull evil shit.