top | item 46946906

(no title)

mholt | 20 days ago

Of course they're down while I'm trying to address a "High severity" security bug in Caddy but all I'm getting is a unicorn when loading the report.

(Actually there's 3 I'm currently working, but 2 are patched already, still closing the feedback loop though.)

I have a 2-hour window right now that is toddler free. I'm worried that the outage will delay the feedback loop with the reporter(s) into tomorrow and ultimately delay the patches.

I can't complain though -- GitHub sustains most of my livelihood so I can provide for my family through its Sponsors program, and I'm not a paying customer. (And yet, paying would not prevent the outage.) Overall I'm very grateful for GitHub.

discuss

gostsamo|20 days ago

have you considered moving or having at least an alternative? asking as someone using caddy for personal hosting who likes to have their website secure. :)

mholt|20 days ago

We can of course host our code elsewhere, the problem is the community is kind of locked-in. It would be very "expensive" to move, and would have to be very worthwhile. So far the math doesn't support that kind of change.

Usually an outage is not a big deal, I can still work locally. Today I just happen to be in a very GH-centric workflow with the security reports and such.

I'm curious how other maintainers maintain productivity during GH outages.

Nextgrid|20 days ago

> have you considered moving or having at least an alternative

Not who you're responding to, but my 2 cents: for a popular open-source project reliant on community contributions there is really no alternative. It's similar to social media - we all know it's trash and noxious, but if you're any kind of public figure you have to be there.

indigodaddy|20 days ago

You are talking to the maintainer of caddy :)

Edit- oh you probably meant an alternative to GitHub perhaps..

cced|20 days ago

Which security bug(s) are you referring to?

NewJazz|20 days ago

Presumably bugs that may still be under embargo