Since GitHub continues introducing antifeatures and enforcing an own vision of software development, like mandatory 2FA (I don't need such mandatory imitation of security when I'll have to bear its cost while working around it). A possible workaround can be using TOTP 2FA + a browser extension implementing TOTP (TOTP is easy to implement) within the browser, but using such an extension to workaround these ingenious decisions of the managers is:

• disrespectful to oneself;
• temporary: until the managers get another ingenious idea, for example that everyone must use FIDO2 devices with attestation;
• risky: one has to store secrets on devices and risk to lose the account;
  .

Let's discuss the decent replacements of GitHub.

The following features of GitHub are needed:

• no reCAPTCHA

• no CloudFlare and its client-side solutions (including "hCaptcha", Turnstile, "Managed Challenges", "under attack" mode and so on)

• no other fingerprinting/tracking scripts

• usable without JS

• must not crash browser

• code hosting

  • git
  • mercurial
  • pijul - a promising vcs, but is a bit immature and lacks tooling around it currently. Written in Rust - so may be suspectable to trust issues.

• pull requests

• issues

• ssh access

• https access

• non-mandatory, but highly desireable

  • public API access without an API key

• nice to have, but I can live without it

  • LFS
  • global full-text search
  • wiki
  • pages
  • CI
  • Docker
  • Actions (I still have to use own scipts)
  • dependency tracking

• gratis

• be at least somehow trusted. I mean providing service costs money. Providing service free of charge is unprofitable. That means payment is done by other means. For MS the way they benefit from owning this service is understandable:

  • now they can trust the service they control more and use it for their corporate projects without any surprises (to Microsoft), they have unique realtime access to all the code stored in their service and can use it to create statistical models-based products
  • they can push the ecosystem into the direction they want.
  • But also they can close or alter projects they don't like.
    But for smaller services the first two options are less possible, which makes one to think of using them with caution.

Unfortunately I see no decent alternative, maybe except Launchpad and Nest and Codeberg.

• Ubuntu Launchpad - essential features present, maintained by a large corp (though they have proven to act badly in the case of conflict of interests, like promoting Snapcraft by removing deb packages and forcing users to use them)

• Gogs, Gitea (fork of Gogs) and Forgejo (fork of Gitea) instances like Codeberg (Forgejo-based):

  • trust issues for standalone instances
  • essential features, like repo deletion, don't work without JS. Workarounds:
    • the surrogate script
    • disabling CSS.
  • the site is so heavy (despite it looks lightweight) that it OOM-crashes my browser too often and hangs devtools on the DOM tab.

• OneDev

  • not intended to be used by third parties, intended to be purely self-hosted: projects are identified either by ID or by their names, without author nickname as a prefix
  • cannot view listing of files without JS

• GitBucket - essential features are present, looks good even without JS (example)

  • not intended to be used by third parties

• CodeBase

Hobbyist Plan just £12/month

is everything you should know about them

• SourceHut - email-centered workflow. Deeply opinionated by Drew DeVault, who enforces own vision on what everyone must do (like that the usernames must be lowercase, though on self-hosted instances it may be possible to fork and patch the unwanted antifeatures, but it is likely a lot of work and merge conflicts with the upstream). Also sr.ht is a paid service.
• Pijul Nest - need to try.
• GitLab, Heptapod and their standalone instances - is not an option since it relies on reCAPTCHA on signup page (and it is likely it won't be removed) and requires everyone to execute their JS. Also gitlab.com uses CloudFlare fingerprinting on their sign up page. There was #movingtogitlab movement when MS has acquired GitHub, but it turned out that in the short term GitLab inc. despite making a free open-source product behaved worse than MS-acquired GitHub.
• SourceForge - while inconvenient to use, looks obsolete, uses obsolete software (ssh shell is available) and bugs are not fixed for years, the essential functionality is present.
• huggingface.co - mainly for hostig machine learning models, no SSH, used through huggingface_hub python package.
• GNU Savannah - feels obsolete. No PRs.
• https://repo.or.cz/ - pretty barebones, only code hosting
• https://radicle.xyz/ - written in Rust, uses Cargo -> problems with trusting it for non-having backdoors