tuxmain/blindforge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
(Early WiP) Anonymize Forgejo repositories for scientific blind review
7 commits 1 branch 0 tags 173 KiB
  • Rust 90.3%
  • HTML 9.7%
Find a file
Exact
Pascal Engélibert 44c310ac11 Readme, Box leak, async mutex, repo URL parsing
2026-03-15 20:49:27 +01:00
src Readme, Box leak, async mutex, repo URL parsing 2026-03-15 20:49:27 +01:00
templates Readme, Box leak, async mutex, repo URL parsing 2026-03-15 20:49:27 +01:00
.gitignore Initial commit 2026-01-25 18:27:41 +01:00
Cargo.lock Readme, Box leak, async mutex, repo URL parsing 2026-03-15 20:49:27 +01:00
Cargo.toml Readme, Box leak, async mutex, repo URL parsing 2026-03-15 20:49:27 +01:00
example_config.toml Config TOML, CLI options 2026-03-14 10:50:03 +01:00
LICENSE Initial commit 2026-01-25 18:27:41 +01:00
README.md Readme, Box leak, async mutex, repo URL parsing 2026-03-15 20:49:27 +01:00
rustfmt.toml Initial commit 2026-01-25 18:27:41 +01:00

README.md

Blindforge

(The name may not be definitive.)

Git repository anonymizer for double-blind scientific review. Inspired by Anonymous GitHub but not tied to a centralized platform. It will allow to mirror public or private Git repositories from diverse platforms (Forgejo, and maybe Gitea, GitLab, GitHub...), removing any information leaking the author's identities or affiliations.

Early development: not usable yet.

TODO

  • Fetch repo from API
  • Repo caching
  • Submission form
  • Config
  • Repo serving
  • Replace words
  • Abuse report
  • Admin tools
  • Captcha
  • Rate-limiting and space quota
  • Expiration
  • Manual removal
  • Security tests (zip bomb)
  • Allow download
  • Markdown rendering

Design choices

Language: It would have been simpler to use good old PHP and SQL. But I have more fun with Rust.

Database: No database, because none needed. Persistent data are structured in directories and files. Metadata are written to files in a simple custom binary format. Advantages: simpler installation, easier portability, no dependency to a third-party nonstandard format (such as embedded databases other than SQLite).

Rust crates: I did not select the most famous crates (e.g. clap, toml, tokio). They are great and quite feature-complete, but also very big and we don't use most of their features. I instead carefully selected smaller crates with fewer dependencies but still satisfying our needs and with good (or better) performance.

AI: No generative AI was used. Any use of generative AI by contributors must be declared explicitly. AI-generated content that has not been reviewed carefully by the contributor will not be accepted. Contributing using AI with something the contributor does not have the skills to review correctly, is strongly discouraged.

TLS: Cryptographic libraries such as Ring, AWS-LC or Graviola are often more performant than OpenSSL. However, they are less often available as a shared library in Linux distributions. Embedding them statically takes storage and memory (each program has its own copy of a different crypto library, and the OS cannot optimize), and makes the program's maintainer responsible for security updates of the embedded library. As this project is very small, it is better to use your distribution's cryptographic implementation. Note: only the API client uses TLS. The user is responsible for setting up an HTTPS reverse proxy of their choice.

License

GNU AGPL v3, CopyLeft 2026 Pascal Engélibert (why copyleft?)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.