- Can I opensource it in a way where changes are not open to the public?
- I have a Google verification file on my git; is it OK to make it public?
The platform is GitLab.
Open Source is sometimes described as “anyone can contribute”, but that’s an oversimplification. Open Source projects always have a gatekeeper or small community of gatekeepers who decide which contributions are actually incorporated into the project and which are rejected as not up to snuff or straight up bad ideas or whatever.
That’s what you meant by your first question, right? Not “how do I hide the code of future changes” but “how do I retain control over what code is added to my repo”, correct?
Even if you meant it the other way, you could theoretically do that. Open Source one version and then never release any newer versions.
No, I meant that I wanted to hide old commit history.
Ah! Yes. No reason why you couldn’t. It would require making a new repo, copying the files into the new repo, and committing in one big commit before pushing to gitlab, but yeah. Definitely doable.
(I basically always do this myself. I don’t start the Git repo until I want to Open Source it. So when I first Open Source it, it’s a “complete” (or at least “minimum-viable-product”) project and there’s only one commit. Every commit I make and push thereafter is public, but there aren’t any from before my first push/publish.)
It’s worth noting that you can rewrite history after the fact with Git
…if you hate anyone who might have a clone that they want to pull to later.
Force push main with one giant squash commit.
You can always just reset your git history:
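```
# Move the branch back to the first commit but keep the current files
$ git reset [your first commit hash]
# Stage everything and record it as one commit on top of the first
$ git add .
$ git commit -m "Collapse git history"
$ git push -f
```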
You’d have to collapse all branches not just one, and remove all tags, in order to clear the whole graph.
And of course you have to be allowed to – GitHub can have protected branches, protected tags, and force push protection.
Assuming you’re the repo owner and can do all that, it still wouldn’t affect other people’s already existing clones, only new clones.
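The points above (one big commit, every branch and tag collapsed, not just one) can be checked before pushing. The following is an added example, not part of any commenter's post: it builds a throwaway repo with a constructed "secret" in its first commit, collapses it, and verifies that nothing older is reachable from any ref. The function names, file names and branch name `fresh` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Repo contents, names and the "secret" are constructed.
# Order of use: make_demo_repo DIR; collapse_history; then the two checks.

make_demo_repo() {  # $1 = new directory; leaves the shell inside it
    git init -q "$1" && cd "$1" || return 1
    git config user.email demo@example.invalid
    git config user.name demo
    git config commit.gpgsign false
    git symbolic-ref HEAD refs/heads/main
    echo "api_key=CONSTRUCTED-PLACEHOLDER" > config.txt
    git add . && git commit -q -m "initial (secret committed by mistake)"
    git tag v0.1            # a tag and a side branch both pin the old commit
    git branch old-feature
    echo "api_key=" > config.txt
    echo "hello" > index.html
    git add . && git commit -q -m "remove secret"
}

collapse_history() {  # run inside the repo: keep only the current files
    git checkout -q --orphan fresh      # new root, index and files kept
    git add -A
    git commit -q -m "Initial public release"
    # Delete every other branch and every tag: any surviving ref keeps
    # the old commits reachable and they would be pushed along with it.
    refs=$(git for-each-ref --format='%(refname)' refs/heads refs/tags |
           grep -v '^refs/heads/fresh$' || true)
    for ref in $refs; do git update-ref -d "$ref"; done
    git branch -M main
    # Purge the old objects from this local copy as well.
    git reflog expire --expire=now --all
    git gc --quiet --prune=now
}

reachable_commits() { git rev-list --all --count; }

string_in_history() {  # exit 0 if $1 occurs in any file of any reachable commit
    for c in $(git rev-list --all); do
        git grep -q -F -e "$1" "$c" && return 0
    done
    return 1
}
```

Running `string_in_history` with a distinctive fragment of anything that should not be published, on the collapsed repo and before the force push, confirms that no ref still leads to it.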
To me open source means you have access to the source code. You can choose to modify it and let the author know you modified it. It’s up to the author to decide if they want to implement the changes.
The Open Source Initiative has a particular definition of “Open Source” that includes a lot more things than just “the source code is available.” I’ll admit that there is a certain extent to which the OSI’s definition is implicit. For instance the OSI wouldn’t consider a license that didn’t allow recipients to sell the code for profit, but that bit’s implicit under “6. No Discrimination Against Fields of Endeavor.”
(I should mention that there’s nothing in the Open Source definition indicating that Open Source software repositories can’t have gatekeepers or anything. That’s expected.)
I wouldn’t use the term “Open Source” (and I kinda like to capitalize it to make it clear what definition I’m using… though I’m not 100% consistent about it; maybe I should start being so) to refer to any software that didn’t meet the OSI’s definition. So, for instance, I wouldn’t refer to Louis Rossmann’s Grayjay (which disallows for instance sale and derivative works) or Meta’s LLaMa as “Open Source” despite the fact that the source code is publicly available for no charge to anyone who cares to download it. (The term “source available” certainly fits applications like Grayjay and LLaMa’s engine, though the term “Open Source” doesn’t apply to LLM weights.)
And the distinction’s important to me. I don’t exclusively run Open Source (or Free/Libre) software, but there are a lot of specific contexts in which I do only use Open Source software. For instance, I don’t run any proprietary (by which I mean “non-FLOSS”) apps on my smartphone. And Grayjay doesn’t count in my book, and until/unless it one day does (or I abandon that particular restriction), I wouldn’t consider using it on my smartphone.
Your point that Open Source software contributions basically always have to be approved by somebody before they get into “the” repository (the most canonical one that “everyone” pulls from, though you can totally make your own derivative work and publish it if it’s truly Open Source).
The whole point of opensource is making your source code public. Even if you can disable history viewing in GL, someone can still mirror your repo and diff it for changes. The only way to not let people see changes is simply not open sourcing it.
A private submodule can help hide some of your code and configurations, but this only helps hide parts of the repo, including its history. You can’t prevent people from measuring changes of your webpage once online as anyone can just archive it.
You can use a public repo for your code. What do you mean changes to the public? If it’s other people changing your website, all that access is up to you. Publishing the code doesn’t mean letting anybody else submit changes to it.
What is a google verification file? Doesn’t sound like something you’d want in a repository
It’s likely a Google Console verification file to show you own the domain (e.g. to make changes to search results). It has to be published to the site with a random url that only the owner and Google know, but it’s still a public file. I don’t think it’s an issue if it’s stored in source as Google will query the site and not the source for that file.
If OP is concerned they can also change the verification method: https://support.google.com/webmasters/answer/9008080?hl=en
Changes like contributions to your repo? Or changes like people can fork and modify the source code themselves?
I mean the old commit history.
No I mean the old commits.
No, I mean when you list your website in google, they give you a code to host in your website to verify that you own the website.
AFAIK, those codes don’t need to be kept private, but I think they only do that verification once, so you can probably just delete the file at this point. (After all, you can also use a TXT record to store the verification code for a domain with Google, and those are definitely not private; anyone can `dig` your domain’s TXT records.)