@andrewnez I was having a conversation with a friend in security the other day who was recalling how, when the CVE fiasco happened recently, everyone noticed EU had what seemed like an alternative they could maybe turn to, but upon closer inspection it was essentially a mirror. we need to do decentralization better, alongside sovereignty, for humanity’s sake

@andrewnez listened to an interesting point on a podcast by Everything Electric this morning. To paraphrase: "96% of the world is *NOT* living in the USA, so can we all please just stop talking about their news and get on with our own lives again?"

@andrewnez for forges, you might wish to add @Codeberg (Germany, EU). Not sure where Sourcehut sits (is it NL, @sir ?)

So there ARE alternatives. And as already pointed out in another comment by @jens , Forgejo/Gitea can be self-hosted as well. And at least for Forgejo, Federation is upcoming IIRC, to take another hurdle (separate registrations) from self-hosted installs.

But yeah, that list reads horrible, re "sovereignty" 😢

@andrewnez Consider that gitea contains package registries, and forgejo is the FLOSS fork. It's perfectly possible to build a bunch of these things with a self-hosted forgejo instance.

Which really means that a bunch of things forgejo does should become de facto standards.

There are also things that can be standardized that help here. For example, there are a few competing solutions for platform/language independent package meta information, including dependencies.

Could focus on that, too.

@andrewnez @gvwilson What about the Linux package repositories? Canonical, at least, is UK-based if I’m not mistaken, with subsidiaries in several countries.