Well this is a tremendous step in the wrong direction. The economic problem is the ad supported model in the first place, no matter how it’s run. This is the same thing Google does, they keep user data to themselves and sell the ad placement. So now Mozilla has the same economic incentives as Google. Unfathomably bad move.
A major caveat I’ve noticed some people misunderstand: it’s corporate CLAs that are problematic. The Apache Foundation also requires contributors sign a CLA, but it’s to provide a legal fail safe and a way to update to say Apache 3.0 if need be one day. Apache’s non profit, open source mission aligns with respecting the rights of contributors and the community. Corporations, on the other hand, not so much.
Codeberg is run off of donations, they have no service contract revenue. Nobody, much less a volunteer, wants to commit to a 5 or 10 year service plan like that, it’s not sustainable for a small project from a non profit.
CLAs can be abusive, but not necessarily. Apache Foundation contributors need to sign CLAs, which essentially codify in contract form the terms of the Apache 2.0 license. It’s a precaution, in case some jurisdiction doesn’t uphold the passive licensing scheme used otherwise. There’s also a relicensing clause, but that’s restricted to keeping in spirit, they can’t close the source.
Arch for stuff I have physical access to. Nothing’s ever gone wrong, so it’s worth it for the immediate updates and consistency with my other systems. For VPS I use Debian though, occasionally the unstable/Sid branch if I really need the latest updates. There are almost always Debian images available on a VPS.
Forgejo is my go to, I ran it in a GCP micro instance, which has 768 MB ram and a piddling processor. One of my friends works for a company that had all their devs run a local instance in addition to the main repo, it was that light.
Gitea is the former go to, but gitea was hijacked and stolen from the community by a for profit company. Forgejo is currently a drop in replacement fork, but with added privacy features, future federation options, and a reputable parent organization.
Given the ease of implantation of end to end encryption now, it’s a reasonable assumption that anything not e2ee is being data mined. E2ee has extensive security benefits, for example even if your data is dumped the info is still useless. So, there has to be a compelling reason to not use it.