Not the best way to look at it. A lot of developers today work primarily on github because it's not possible to interact/work in other projects from their siloed forges. When gitlab implements AP, things are no longer siloed and therefore there will be a percentage of (current) Github users who will free to choose their forge independently of network effects.
It's better to ask "how many projects are stuck to Github exclusively because of collaboration tools, and how many of these would be able to leave Github once more Gitlab/Gitea/Forgejo are able to interoperate? How much of its customer base can Github afford to lose before being forced to give up their monopolistic strategy?"
It's approximately 0. Microsoft knew that GitHub had no moat being what it was when they acquired it.
T hat's why they've been adding CI, Pages, Codespaces, Copilot, and a bunch of other crap that only some of which people actually asked for in order to raise switching costs. That would go against everything they've been doing the last couple years.
I'm pretty sure that's only if you're a gatekeeper, which are only the services big enough that my mom would notice directly if they'd go down (things used by millions of people in my country of 18 million). Whether Apple's messaging system, default enabled on every Apple phone, qualifies is currently being debated, to give a sense of what scale this requires.
The DMA/DSA laws also contain rules for smaller parties (I've been getting tons of ToS update emails mentioning the digital somethings act), but not interoperability
- ld-signatures is now W3C vc-data-integrity:
"Verifiable Credential Data Integrity 1.0
Securing the Integrity of Verifiable Credential Data" https://www.w3.org/TR/vc-data-integrity/
- vc-data-integrity specifies how to normalize the document by sorting keys ~ in the JSON before cryptographically signing the transformed, isomorphic graph
- SLSA.dev also specifies signed provenance metadata (optionally with sigstore.dev for centralized release artifact hashes), but not (yet?) with Linked Data
> Blockcerts is an open standard for building apps that issue and verify blockchain-based official records. These may include certificates for civic records, academic credentials, professional licenses, workforce development, and more.
> Blockcerts consists of open-source libraries, tools, and mobile apps enabling a decentralized, standards-based, recipient-centric ecosystem, enabling trustless verification through blockchain technologies.
> Blockcerts uses and encourages consolidation on open standards. Blockcerts is committed to self-sovereign identity of all participants, and enabling recipient control of their claims through easy-to-use tools such as the certificate wallet (mobile app). Blockcerts is also committed to availability of credentials, without single points of failure.
- [ ] SCH: link a git commit graph (with GPG signatures) with other linked data of an open source software project; for example (SLSA,) build logs and JSON-LD SBOMs.
- >> Is there an ACME-like thing to verify online identity control like Keybase still does?
rglullis|2 years ago
It's better to ask "how many projects are stuck to Github exclusively because of collaboration tools, and how many of these would be able to leave Github once more Gitlab/Gitea/Forgejo are able to interoperate? How much of its customer base can Github afford to lose before being forced to give up their monopolistic strategy?"
treyd|2 years ago
badrequest|2 years ago
paulddraper|2 years ago
GitHub had the best moat: network.
But yes, the additions have only deepened it.
pera|2 years ago
IIRC Meta now has to implement interoperability with other chat apps like Signal, I wonder if GitHub will have to do the same through AP soon
Aachen|2 years ago
The DMA/DSA laws also contain rules for smaller parties (I've been getting tons of ToS update emails mentioning the digital somethings act), but not interoperability
ragebol|2 years ago
I was going to say that Microsoft has no social network, so that this might open them up etc, but then again, there's LinkedIn.
tazjin|2 years ago
westurner|2 years ago
- "Key server (cryptographic)" https://en.wikipedia.org/wiki/Key_server_(cryptographic)
- W3C DID Decentralized Identifiers (that you can optionally locally generate like pubkey hash account identifiers)
- "Linked Data Signatures for GPG" https://gpg.jsld.org/ ; GPG in (JSON-LD) RDF
- ld-signatures is now W3C vc-data-integrity: "Verifiable Credential Data Integrity 1.0 Securing the Integrity of Verifiable Credential Data" https://www.w3.org/TR/vc-data-integrity/
- An example of GPG signatures on linked data documents: https://gpg.jsld.org/contexts/#GpgSignature2020
- vc-data-integrity specifies how to normalize the document by sorting keys ~ in the JSON before cryptographically signing the transformed, isomorphic graph
- SLSA.dev also specifies signed provenance metadata (optionally with sigstore.dev for centralized release artifact hashes), but not (yet?) with Linked Data
- Blockcerts: blockchain-certificates/cert-verifier-js , https://www.blockcerts.org/guide/ :
> Blockcerts is an open standard for building apps that issue and verify blockchain-based official records. These may include certificates for civic records, academic credentials, professional licenses, workforce development, and more.
> Blockcerts consists of open-source libraries, tools, and mobile apps enabling a decentralized, standards-based, recipient-centric ecosystem, enabling trustless verification through blockchain technologies.
> Blockcerts uses and encourages consolidation on open standards. Blockcerts is committed to self-sovereign identity of all participants, and enabling recipient control of their claims through easy-to-use tools such as the certificate wallet (mobile app). Blockcerts is also committed to availability of credentials, without single points of failure.
- [ ] SCH: link a git commit graph (with GPG signatures) with other linked data of an open source software project; for example (SLSA,) build logs and JSON-LD SBOMs.
- >> Is there an ACME-like thing to verify online identity control like Keybase still does?
znpy|2 years ago