
Packaging now standard, dependency proxy next? - reimertz
https://about.gitlab.com/2019/05/10/github-adds-package-registry/
======
amingilani
I feel as though this announcement caught GitLab by surprise and it scrambled
to put a strong message out there that it already had similar offerings in
place. At the same time, however, I don't think their choice of phrasing is
the most appropriate. It'd probably have been better handled more subtly.

But does it matter at all? If I host critical code somewhere, it has to be
available, and GitLab's uptime history[0] is so much poorer compared to
GitHub's[1], with service disruptions and degradations being more common, and
far more severe. I don't understand why GitLab doesn't focus on improving the
quality of their service. It's not like this is new.

Edit: I feel like I came across as very sour, and I am. But I do like GitLab.
I've actually used its CI and Docker image repository in the past and prefer
how everything is in one place. I've even written fairly a fairly
comprehensive article outlining a deployment pipeline leveraging their tech,
but I just don't like service disruptions, especially when they're normalized.

[0]:
[https://status.gitlab.com/pages/history/5b36dc6502d06804c083...](https://status.gitlab.com/pages/history/5b36dc6502d06804c08349f7)

[1]:
[https://www.githubstatus.com/history](https://www.githubstatus.com/history)

~~~
tw20190511demje
GitLab's primary focus is on selling a product, not GitHub-like services. The
hosted instance at gitlab.com is incidental to this. The number of commenters
on HN who don't seem to get this is weirdly high.

GitHub is competing for your attention and trying to convince you to use
github.com similar to the way that Facebook wants you to use their site.
GitLab is not.

If you don't want to use gitlab.com because of low uptime, GitLab doesn't
care. GitLab cares about whether you want to buy a GitLab license. If you're
not in the market for that, then you were never a potential customer, anyway.
Expecting GitLab to care about what you think about the ops history for
gitlab.com is like thinking that a car dealer cares about how satisfied the
people are who come in to have a coffee, eat a cookie, and test drive a car
from the showroom, and never intend to buy anything. That's what gitlab.com
is: a showroom.

~~~
amingilani
> GitLab's primary focus is on selling a product, not GitHub-like services ...
> The number of commenters on HN who don't seem to get this is weirdly high.

You're mistaken. This was true at one point, but no longer. GitLab maintains a
document comparing itself to GitHub[0], has mature pricing tiers that go up to
$99 per user[1], encouraged users to switch during the Microsoft acquisition
by giving discounts on their higher tiers[3], and has paid me $500 in a bug
bounty for reporting business logic flaws that allowed free users to leverage
APIs that they shouldn't have had access to according to their plans.

If you're actively pulling devs to your product, and even charging them. Make
sure your product stays up.

Also, please don't scorn people that disagree with you. Some times it's not
them that "don't seem to get" it.

[0]: [https://about.gitlab.com/devops-tools/github-vs-
gitlab.html](https://about.gitlab.com/devops-tools/github-vs-gitlab.html)

[1]: [https://about.gitlab.com/pricing/](https://about.gitlab.com/pricing/)

[2]:
[https://about.gitlab.com/2018/06/03/movingtogitlab/](https://about.gitlab.com/2018/06/03/movingtogitlab/)

[3]: The report is redacted, but you can see the bounty at my HackerOne
profile: [https://hackerone.com/gilani](https://hackerone.com/gilani)

------
ilaksh
I had no idea Gitlab already did this well before Github.

I think it's absolutely an appropriate response.

~~~
StavrosK
I use GitLab daily and for everything and I didn't know this. I know of the
container registry and build artifacts, but they don't have an actual
registry, do they? I can't point pip to something on GitLab and do "pip
install mypackage" and it will work, correct?

~~~
scrollaway
It doesn't for python. It does for npm, java and docker though. I've been
using the Docker one and it works fantastically well.

~~~
StavrosK
I use the Docker Registry as well, it does work great. Is there some special
integration for npm/Java, or is it because you can just download the artifacts
if you specify the URL?

~~~
scrollaway
There's an auth layer to implement + publishing APIs, I believe that's all
there is though.

If only there was some standard for package hosting + publishing across all
languages… _stares at The Update Framework_

------
whalesalad
Gitlab might want to rethink their PR strategy. Every knee jerk reaction they
toss out there in response to things like this makes me want to try their tech
less and less.

~~~
techntoke
Your loss. At least they have a self-hosted open source version for you to
try. That is way more than GitHub offers.

~~~
whalesalad
They are apples and oranges, really.

------
thallavajhula
I'm not sure I get the point of this post. Is is to convey that Gitlab did it
before GitHub did it? If it's not, then, I really don't get the point.

~~~
hluska
I’m in the same boat as you. I don’t get the point either. Can someone help?

~~~
tommoor
Now you know Gitlab has this feature

------
bdcravens
Gitlab offers some compelling advantages, but I think they realize “we did it
first” isn’t a strong defensible position as Github chooses to offer the same
features. (After all, Github offered the main feature first)

------
arnieswap
It's really good to see GitHub embracing the work that GitLab has been doing
for a while (more than 5 years) now. While its healthy competition, it also
shows how Open Source companies/projects like GitLab are ahead of proprietary
companies and in fact lead the industry with their innovation.

~~~
lightgreen
How GitLab is not proprietary? It is a private commercial company.

How GitLab is open source? It open sources a non-essential portion of its
software, and so does GitHub.

~~~
scrollaway
Gitlab is like the most open source company out there. It sets examples in
transparency that even Mozilla should learn from.

Calling what it open sources "non-essential" is so ridiculously misinformed
that I'm really wondering what your goal is here.

~~~
bdcravens
I agree they open more than the non-essential parts. It's worth noting that
what we are currently talking about isn't an open source innovation however.
It's a proprietary offering by a company that does a lot of open source: in
both cases. Github opened Atom, contributes significantly to Rails, etc.

------
IfOnlyYouKnew
It's somewhat rich for Gitlab to passive-aggressively complain about Github
releasing a feature they released first.

------
XzAeRosho
You can either love or hate Gitlab/Github, but this competition is always
fantastic for their users.

~~~
toyg
It's a shame we lost BitBucket along the way. They were the first to spearhead
the "all private repos free for individuals" model that the others eventually
adopted.

~~~
regecks
Being a Bitbucket user is pretty distressing right now. We're invested quite
heavily into it, but moving to Gitlab would really address some of our major
pain points (having to run Sonatype Nexus, and some Bitbucket Pipelines
restrictions).

I hope they can catch up before it becomes too tempting to bail.

~~~
orf
They could start by adding syntax highlighting.

------
itwy
Lol, if we are thinking that way, they stole their entire business idea from
GitHub!!! They are upset GitHub copied a single feature! Unbelievable.

~~~
techntoke
No they didn't. There were plenty of similar SCM's before GitHub. GitLab
quickly outpaced them and added a lot of valuable unique features.

~~~
PierceJoy
Please. In the earlier days, Gitlab was shameless about copying things from
GitHub. At one point, they even styled their website to be almost
indistinguishable from the GitHub Enterprise site. If I recall correctly,
there may have even been some copying of HTML/CSS from the GitHub Enterprise
site.

The reason those things were never widely known is because GitHub never made
whiny passive aggressive blogs posts about it. That's one thing Gitlab should
have copied from GitHub.

~~~
techntoke
I think you're thinking of Gogs or Gitea. GitHub should have been building a
self-hosted open source version and CI platform. Now they're well in the dust
and still don't have an open source version.

~~~
PierceJoy
I'm not. I'm thinking about Gitlab. There is a long history of Gitlab
shamelessly copying things from GitHub, and GitHub taking the high road. I
would be so much more likely to support them if they didn't act like complete
tools any time GitHub releases a new feature, _especially_ considering their
history.

> Now they're well in the dust and still don't have an open source version.

GitHub is massively larger than Gitlab. It's not even close. You're focussing
on one relatively unimportant thing, and missing the bigger picture. I would
wager a year from now, GitHub's lead in the market will have increased, not
decreased.

~~~
techntoke
What would you like to wager? I'll wager GitLab will be even further
integrated into Kubernetes and the go to for open source CI/CD.

~~~
PierceJoy
Why are you so hyper focused on products being open source? With a very very
small number of exceptions, this has never mattered, and likely will never
matter.

I wager GitHub will be a significantly larger company, with more users both
free and paid, hosting a significantly larger portion of notable open source
projects.

~~~
techntoke
Because I care about innovation for distribution of social benefits and
environmental improvement, as opposed to profit.

~~~
PierceJoy
And I can understand why you like Gitlab the open source project. However,
we're talking about Gitlab the for profit company. My criticisms apply only to
the company, not the project.

------
booleandilemma
Are they upset Microsoft didn’t buy them instead?

~~~
bdcravens
I'd expect Google or someone comparable to buy them (you know they are already
having those conversations)

