
GitLab is open core, GitHub is closed source (2016) - OJFord
https://about.gitlab.com/2016/07/20/gitlab-is-open-core-github-is-closed-source
======
nimbius
ive been using gitlab for 3 years now in an enterprise environment, and the
only complaint I have is lack of federation (albeit im told after the MS move,
this is getting a lot more attention.)

I have 1400+ projects and more than 700 users in 3 geographic locations using
my server. backups with ruby fog libraries included in gitlab are taken once a
night and im expanding the CI presence to include a kubernetes cluster. In
short, Gitlab is worth it if you have the resources to deploy.

If not, gitea is a great alternative as well.
[https://gitea.io](https://gitea.io)

~~~
hunter23
I have also been using gitlab for 3 years. The main complaint I have is
usability / UX. For example, if you go through their merge request flow, parts
of the page are unreadable. Sometimes it feels like this:
[http://corsairmediaservices.com/images/blog/bad-
interface.jp...](http://corsairmediaservices.com/images/blog/bad-
interface.jpg)

Unfortunately, I haven't seen much improvement on the design side. While their
company has invested in design resources, it feels like every designer is
focused on a specific feature. When you group those features into a page (like
merge requests) you get this jumbled mess.

Luckily after using the product for 3 years you start to have muscle memory of
where things are but overall the design severely lags Github's.

~~~
svesselov
Ouch, that's a rough comparison @hunter23. We hear you though, there is a lot
packed into that Merge Request area. I would love to hear what you think about
this updated design [https://gitlab.com/gitlab-org/gitlab-
ce/issues/37479#note_71...](https://gitlab.com/gitlab-org/gitlab-
ce/issues/37479#note_71376767).

"While their company has invested in design resources, it feels like every
designer is focused on a specific feature. When you group those features into
a page (like merge requests) you get this jumbled mess."

Thank you for the honest and direct feedback. We work together as a team and
try to keep a holistic view even as we iterate on specific features. We know
we can do better here and are actively working to make things consistent and
understandable. We have opened several epics dedicated to this, you can see
them here: [https://gitlab.com/groups/gitlab-
org/-/epics?scope=all&utf8=...](https://gitlab.com/groups/gitlab-
org/-/epics?scope=all&utf8=%E2%9C%93&state=opened&author_username=sarrahvesselov)

------
jwilk
GitHub might be closed source, but it doesn't matter that much in practice.
The code is not where most of its value is. The value is mostly in large
community of users and reliable infrastructure.

Also, for me, GitLab's heavy reliance on JavaScript disqualifies it as a
serious competitor to GitHub.

~~~
akmittal
>Also, for me, GitLab's heavy reliance on JavaScript disqualifies it as a
serious competitor to GitHub.

How in the world using JavaScript makes a project less serious. Although
Gitlab use mostly use Ruby and Go. JavaScript is used for Web UI only like
most companies.

~~~
foresto
I'm guessing the key word here is _reliance_. Some of us are fine with sites
that use JavaScript, but only if the core functionality still works when
scripts are blocked.

If you're wondering why someone would feel this way, the reasons vary from
person to person, but perhaps the best reason is that a site that becomes
nonfunctional when client-side scripts are disabled puts itself at odds with
basic web security precautions.

------
feduzi
I've been using GitLab for a while. And for me this looks like a PR move in
the light of Github being bought by Microsoft.

 _EDIT: did not notice post was from 2016. Has nothing to do with Microsoft
buying Github._

GitLab (not self-hosted) has constant deployment/stability issues. They do an
update and sometimes GitLab is down for several hours.

This is not a huge deal for me, as I can just push my code later.

But the main concern I have is that recently they've just removed some free
features in order (I guess) to force people to pay.

Features removed (the only once I've noticed):

\- Merge requests: squash commits feature

\- Push rules: make sure users do not push commits with non-Gitlab user
emails.

\- Protected branches: allow certain users to push/merge, not a whole role.

There was no email notifying about this changes, it just happened that I've
created a new repo, and then noticed some stuff missing.

 _EDIT:_

Since this got traction. I've started digging to see the differences between
repos. I have one group that is under "Early Adopter" plan, which has all the
features mentioned. Recently I've created a new group, which went under "Free"
plan, and this group does not have features mentioned.

I wonder why the "Early Adopter" plan is not carried over to my new group.

 _EDIT_ : From Gitlab blog ([https://about.gitlab.com/2017/09/01/gitlab-com-
paid-features...](https://about.gitlab.com/2017/09/01/gitlab-com-paid-
features/)):

> For existing users on the Free plan, we've created a special Early Adopter
> Plan for you. This plan has all of the existing features available in our
> Silver plan, with the exception of additional CI minutes or premium support.
> Any group or user account created before September 1st will be put onto this
> plan for a year for free. While we will not add new paid features to this
> plan, you'll continue to enjoy powerful features, like multi-project
> pipelines and canary deployments, for the next year. After 12 months, you
> will get rolled back to the Free plan. You can upgrade at any time.

Still personally feels like they're taking away free features, but just giving
me a year to enjoy what I've already had.

~~~
sjs382
It was posted in 2016. It's not in response to GitHub being bought.

~~~
nikofeyn
but it being posted again certainly is.

~~~
OJFord
Yes, I (submitter) do not work for GitLab, I just remembered this article
while replying to a thread in one of the submissions about the acquisition,
and thought it was interesting to read again in that light.

[https://news.ycombinator.com/item?id=17225762](https://news.ycombinator.com/item?id=17225762)

------
mikegerwitz
I also want to highlight what I wrote in 2015 about GitLab's commitment to
free software: [https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-
so...](https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software)

------
irq11
Yeah, well...Gitlab is also built on libgit2 and rugged. The core libraries
that power Gitlab’s interaction with Git? Those are open-source projects
written by Github.

I did some work with libgit and rugged and said to myself that I was shocked
Github was open-sourcing such a core competency...these libraries make it
pretty easy for an average web programmer to build their own Github.

Github has been pretty damned generous to the open-source community, and it’s
sad to see a fast-follower project use this kind of rhetoric successfully.

~~~
kbutler
Acknowledged in the article:

    
    
      """GitHub very actively contributes to open source themselves, including many contributions to Git and Ruby on Rails, and releasing libraries and applications like libgit2, Atom, and Hubot. Also note that we build GitLab with software that GitHub open sourced such as libgit2."""

~~~
dnomad
The article is profoundly dishonest. They've built their whole company on open
source code provided by the "closed source company" Github.

Here's the truth that so many seem to be in denial about: it is "closed
source" companies like Google, Microsoft, Facebook, IBM and Oracle that
produce the overwhelming majority of high-quality open source software. It's
not even close. Over the last ten years these companies have given away
_billions of dollars in value_ in the form of open source software. These
companies have done much more for open-source than GitLab and their buggy
Javascript ever will.

------
Aardwolf
"open core" sounds like a different word than "open source" to me

why are none of the popular open source hosting providers fully open source?
that's the least you'd expect of such service!

wikipedia can do it after all, so it must be possible!

~~~
geoah
Because no one really wants to self host their own version of wikipedia. But
many companies want and do host their code themselves.

~~~
Qwertie
No one wants to self host wikipedia but many self host wikis that are off
topic for wikipedia.

------
OJFord
I thought this was interesting to re-read in light of Microsoft's (reported)
acquisition of GitHub; it was previously discussed a bit at the time:

[https://news.ycombinator.com/item?id=12131844](https://news.ycombinator.com/item?id=12131844)

But closed as dupe due to another similar company blog post on the front page.

------
miguelrochefort
What if Microsoft open sources GitHub?

~~~
tedeh
May be hard to explain to stock holders looking for return on the
acquisition...

~~~
veidr
My take on that is:

a.) A huge part of GitHub's value is their _default-ness_. Anybody can build a
website UI to git, although it is a lot of engineering work. Gitlab and
Bitbucket are somewhere in that equation.

People uneasy about MS are all over the Internet talking about moving off of
GitHub today. MS announcing that they are open-sourcing GitHub would instantly
evaporate a lot of that doubt/resentment/NOFUCKYUOM$!!!!URRRGH.

b.) They could also open-core it, not totally open-source it, just like
GitLab. Thereby keeping basically _all_ of the more-lucrative enterprise
business (that's probably way more comfortable with Microsoft anyway).

~~~
test6554
The main thing github gives microsoft is a pool of people it can try to push
into Azure. Azure means that Microsoft no longer needs to care whether you
develop apps for windows or linux or mac, or the web. As long as you make and
deploy apps to Azure, you can use whatever stack you like.

For that reason, they have a strong incentive to keep people happy and on
github, and they have a huge incentive to make it easy to deploy from github
to azure with a single click or something similar.

------
EGreg
I have a major question about self hosted software like GitLab.

As many of you know, I am a huge proponent of open source and the
collaboration economy.

I have put my money where my mouth is by reinvesting over _half a million
dollars_ from our startup company’s revenues into building the open source
Qbix Platform, in the hopes of leading a revolution in all SAAS software,
including the stuff where you need profiles, permissions, collaboration,
notifications, realtime and social features on top of whatever you’re doing
(git, editing a document, planning a trip).

[https://m.youtube.com/watch?v=pZ1O_gmPneI](https://m.youtube.com/watch?v=pZ1O_gmPneI)

Having built v1.0 recently, we began making backwards compatible changes to
eventually turn the Federated model (communities = landlords) into a
permissionless, end to end encrypted and secure model for everyone. It may
take us another year:

[https://qbix.com/blog](https://qbix.com/blog)

We are even making our own browser because the current browsers don’t have all
the features we need to pioneer the whole vision:

[https://projects.invisionapp.com/m/share/TKHYMVSJNW2](https://projects.invisionapp.com/m/share/TKHYMVSJNW2)

BUT here is the question I have. What is the best way to UPDATE the software
on the back end?

We want this thing to be secure. Discourse, Wordpress et al tell you about
updates. That’s fine but how do you actually _install_ them? By entering a
password into a web interface you can get the _web server user_ to replace all
the core files of the installation? Isn’t that a vector for serious attacks?

All the attacker has to do is somehow get your password or password hash, and
it’s game over. They can send the right request to do arbitrary code
execution.

On the other hand, if a developer signs the new payload, this may mitigate
things. It is what app stores do.

Still, how do back ends get upgraded in self hosted open source software? In
SAAS you just don’t worry about it. This is one area where we could use some
professional consulting :)

~~~
brodock
> BUT here is the question I have. What is the best way to UPDATE the software
> on the back end?

GitLab has the Omnibus packages. We build it for few major linux distributions
and you can get the package from here:
[https://packages.gitlab.com/gitlab/gitlab-
ce](https://packages.gitlab.com/gitlab/gitlab-ce) (you can also add it as
debian/rpm source, see installation).

Upgrading is a matter of `apt update && apt upgrade` and checking for eventual
configuration changes/deprecations in `/etc/gitlab/gitlab.rb`. If you read the
release note posts, upgrade instructions are always on the bottom of the page.

All packages are GPG signed, so you can check for tempering. If you don't
trust our builds, you can fork our omnibus-gitlab repo and trigger a build on
your own hardware.

------
tbiteteitb
The only thing keeping Us from deploying access to Gitlab to the rest of the
Organization is the lack of multiple file upload in the Web UI

Gitlab is really an amazing piece of software and We would like to have all
the Organization on Board to handle Everything alas Redmine

It's the only thing missing in our criteria or use case taking into account
that Gitlab is not a software for the whole Organization and more oriented to
software development.

But adding a pair of things, it can be of use to all the departments in an Org

------
rwmj
What do people think of Pagure?
([https://pagure.io/pagure](https://pagure.io/pagure))

I've used it a very little. They've unfortunately copied the terrible workflow
around github "pull requests", except made it even more confusing. The rest of
it looks reasonable.

------
exikyut
Two questions:

\- What are the code/feature differences between CE and EE?

\- Does GitLab EE have a test VM version like GitHub does?

~~~
lloeki
\- Tiers: [https://about.gitlab.com/pricing/self-hosted/feature-
compari...](https://about.gitlab.com/pricing/self-hosted/feature-comparison/)

\- Trial: [https://about.gitlab.com/free-
trial/](https://about.gitlab.com/free-trial/)

~~~
exikyut
Interesting.

Each of those non-free features should be a link to a video. Possibly even the
same video, with a time/position key.

------
sGatling1788
The elephant in the room is that GitHub is closed source yet is the one who
sold for $7.5B.

~~~
burkaman
That seems irrelevant to this discussion

------
dis-sys
Wondering whether Microsoft has ever acquired any major open source
project/product? from memory, minecraft/skype/github are all closed source
stuff. It is also pretty amazing that Microsoft still refuses to open source
any of its major products like Windows, Office, SQL Server or even Visual
Studio - even when most of them have better open source alternatives.

If you look, the most embarrassing thing about Microsoft is that they pretend
to be embracing open source under the new CEO, yet their entire WSL joke aimed
for running linux apps on Windows is not open sourced. There are numerous WSL
bugs, there is an official github repo for WSL there but there is no WSL
source code you can read.

Maybe for Microsoft Open Source is still considered as a cancer?

~~~
dev_north_east
> Office, SQL Server or even Visual Studio - even when most of them have
> better open source alternatives.

I'll leave the middle one, but c'mon there is nothing close to VS and the open
alternatives to Office are not in the same ball-park.

~~~
sGatling1788
My guess is upwards of 90% of users would not use features in MSOffice not
available in Open/LibreOffice. Most organizations are "creatively encouraged"
(ie. forced) to use MSOffice.

Similar for SQLServer - Windows shops kind of default to it.

VS is the exception.

~~~
pnutjam
Open/LibreOffice have better compatibility with old versions of office. Visio
is another standout with no real Open Source competitor.

------
romanovcode
I have another one: GitLab is slow, GitHub is fast.

~~~
0xfeba
I have this one static page that uses their API to list all pipelines across
all projects. Like 50 API calls at once. It's usually terribly slow (1-2 mins
to finish, sometimes more).

Today it's the fastest it's ever been. <1 second to load.

~~~
0xfeba
Welp, back to normal now. Really slow.

------
briandear
The marketing department of Gitlab seems especially active on HN lately. Why
is this article being revived? This was already talked about two years ago.

You know what is also open source? Git. I am not sure what the value is for
having an open source clone of Github. Repositories can be changed in seconds
thanks to git. So unless people are actually afraid of Microsoft reading
private repos and can’t afford Github Enterprise, than I fail to understand
why it matters that Gitlab is “open core.” Site reliability is far more
important. I have never cared to look at Github source code. What for? It’s a
utility for me like Dropbox or iCloud. GitHub and Github Enterprise have
always worked great for me; as long as that continues to happen, why would
someone like me care about Gitlab? Can anyone provide a specific benefit of
Gitlab over Github? At the end of the day, what’s the value proposition?

~~~
dang
I agree it isn't the best article to revive when there are fresh articles on
the major news. But I don't think it's "the marketing department of Gitlab".
It's just that a bunch of users want to talk about Gitlab and open-source
generally in the context of the news. Same reason
[https://news.ycombinator.com/item?id=17223116](https://news.ycombinator.com/item?id=17223116)
was a huge thread yesterday.

