Git Forge Sovereignty Ranking

The highest composite score belongs to the base substrate itself. Git is already a distributed system, and its transport surface can remain almost absurdly thin: a restricted SSH account via git-shell or a simple CGI transport via git-http-backend. This creates a stack with no mandatory database, no imposed social layer, no monolithic forge runtime, and no requirement to outsource identity, collaboration, or discovery to a platform operator.

The model therefore rewards plain Git on sovereign deployability, topology, privacy posture, anti-synthetic independence, and attack-surface minimization. Every clone is already a full copy. Exit is native, not an afterthought. The “server” is optional ceremony rather than ontological necessity.

• Why it wins: minimal dynamic state, universal interoperability, native distribution, and maximum intelligibility.
• Why it does not score literally 100 everywhere: governance and culture are excellent but not organized around a single explicit anti-capture manifesto in the way Forgejo or SourceHut make certain political commitments explicit.

cgit is the archetypal minimal web face for Git: a fast C-based CGI front-end with a tight interface and little temptation to metastasize into an entire social platform. It reads existing repositories rather than replacing the Git substrate with a new ontology.

That is why it lands just below plain Git. It adds visibility and discoverability without importing the weight of issues, package registries, CI farms, internal social feeds, or API ecosystems that often become the true gravity wells of modern forge stacks. The official repository listing shows the current v1.3 release, reinforcing the health score without changing the fact that the real advantage comes from architectural narrowness.

• Core strength: minimal runtime surface and low conceptual complexity.
• Why it is not #1: it remains a presentation layer over Git rather than the substrate itself.

stagit takes the minimalism instinct one step further: generate the web representation as static files and stop there. The result is almost no runtime attack surface beyond the static file server itself. The underlying project page and live repository views at codemadness.org preserve the tool’s minimalist character while still showing current activity.

This is why stagit earns the strongest ATTACK score in the field. It loses a little ground on governance and health only because it is a smaller, more individual tool without the explicit anti-capture institutional structure of Forgejo or the more visible public-service posture of SourceHut. Architecturally, though, it is almost ideal for publication without platform accretion.

• Core strength: static output means almost nothing exists to exploit at runtime.
• Primary limitation: it is a publishing layer, not a social collaboration environment.

Gitolite does one thing that matters enormously in sovereign deployments: it adds fine-grained multi-user control without forcing a migration into a heavy forge stack. It sits on top of ordinary Git over SSH, which means the deployment remains legible, composable, and close to the substrate.

This preserves very high scores in deployability, decentralization, privacy posture, and anti-synthetic independence. It also avoids the “web platform as control plane” trap that larger forges often normalize. That said, because it is primarily an access-control layer rather than a user-facing collaboration environment, it sits at the top of Tier 2 rather than inside Tier 1.

• Core strength: multi-user coordination without database-heavy forge gravity.
• Primary limitation: collaboration ergonomics often require pairing with something else, such as cgit.

Radicle earns the highest decentralization score in the field because its network architecture is actually peer-to-peer rather than merely “self-hostable.” The protocol guide describes a gossip-based networking layer, and the user guide emphasizes storing social artifacts in Git alongside cryptographic verification. That is materially different from simply running a centralized forge on personally controlled infrastructure.

The score remains below the plain Git kernel because Radicle still introduces more moving parts, more conceptual surface, and less universal operator familiarity than Git over SSH or static publication layers. It is one of the strongest answers to centralized forge dependency, but it is not the smallest answer.

• Core strength: genuine peer-to-peer topology with Git-native collaboration artifacts.
• Primary limitation: more machinery and lower mainstream operator familiarity than the primitive Git stack.

SourceHut remains one of the clearest anti-platform statements in the field. The official site states, in plain language, that it offers absolutely no tracking or advertising, that all features work without JavaScript, and that there are no AI features whatsoever. The project also links its own free software source code directly from the main ecosystem and has continued publishing active updates through Q1 2026.

It sits just behind Radicle because the stack is multi-service and therefore operationally heavier than the primitive Git kernel. But it earns elite marks on privacy posture, cultural alignment, and anti-synthetic independence. The data-use policy update is especially notable because it explicitly forbids automated collection for training machine-learning models without permission.

• Core strength: principled anti-tracking, anti-JS, anti-ML posture paired with a serious FOSS development stack.
• Primary limitation: a more involved multi-service deployment than Forgejo or Git-only tooling.

Forgejo is the strongest “GitHub-like UX without surrender” option in the field. The project explicitly states that it is a self-hosted lightweight forge under the umbrella of Codeberg e.V., and its governance materials make the relationship between the contributor community and the non-profit custodian visible rather than obscured. The August 2024 update records the move to GPLv3+, framed as an anti–open-core drift safeguard.

Forgejo stays below Radicle and SourceHut because it is still a full web forge with a database, broad feature surface, and conventional single-instance platform shape. It scores higher than Gitea because governance and licensing have been deliberately hardened in the anti-capture direction, while still retaining practical deployability and a familiar interface.

• Core strength: the strongest community-governed GitHub-style forge in the set.
• Primary limitation: still a relatively large integrated forge stack compared with the kernel tools.

Codeberg is a democratic, community-driven, non-profit development platform operated by Codeberg e.V. and built around a Forgejo-based forge. Under almost any ethical reading, it is one of the strongest public service options available.

It nevertheless scores below self-hosted Forgejo because service alignment is not the same as infrastructure control. The instance may be principled, transparent, and socially valuable while still being someone else’s infrastructure, someone else’s moderation surface, and someone else’s jurisdiction. Under a sovereignty-first model, that distinction is decisive.

• Core strength: arguably the strongest public non-profit service option in the list.
• Primary limitation: hosted instance dependency remains real, even when the host is highly aligned.

Disroot describes itself as a platform based on freedom, privacy, federation, and decentralization, with “no tracking, no ads, no profiling, no data mining.” Its live services index includes a dedicated Git service, and the site’s navigation explicitly lists that service inside its broader privacy-oriented ecosystem.

The hosted-service penalty remains decisive here as well. Even with a strong privacy culture and public-service ethos, a sovereign ranking cannot treat a hosted collective instance as equivalent to a self-hosted core deployment. Public access to git.disroot.org is also fronted by an Anubis proof-of-work gate, which is relevant to the scraping-friction assessment even if it does not eliminate service dependency.

• Core strength: strong privacy/federation culture plus higher friction against indiscriminate harvesting.
• Primary limitation: the service remains external infrastructure rather than owned infrastructure.

Gitea still earns strong marks for being easy to deploy, lightweight by forge standards, and very alive as a software project. The official materials emphasize a free self-hosted service under the MIT license while also advertising Gitea Cloud and Gitea Enterprise offerings.

That broader product direction is exactly why the governance-and-license score lands well below Forgejo. The model does not treat this as a disqualifier—it is still a serious self-hosted forge—but it does treat it as a meaningful difference once anti-capture hardening becomes a first-order criterion rather than an aesthetic preference.

• Core strength: excellent deployability for a full-featured forge.
• Primary limitation: weaker anti-capture posture than Forgejo once governance and commercialization direction are weighted seriously.

GitBucket is open source, available under Apache-2.0, and straightforward to describe: a Git platform powered by Scala with easy installation, plugin extensibility, and GitHub API compatibility. That is a respectable offering, and the release history confirms it is still alive.

It scores lower because the stack is heavier, the plugin model widens the potential surface, and the project’s cultural center of gravity is not especially aligned with the privacy-maximalist, anti-synthetic, collapse-resilient kernel prioritized here. Nothing is wrong with it; it simply belongs to a different design center.

• Core strength: usable, extensible, still maintained.
• Primary limitation: larger runtime and weaker alignment with the smallest-possible sovereign base layer.

Apache Allura is a mature open-source forge implemented under the Apache umbrella. The official site describes it as a forge for source repositories, bug reports, discussions, wiki pages, blogs, and more, while the download page exposes current release artifacts and verification material.

The low ranking is not a judgment of legitimacy or maintenance quality; it is a judgment about stack mass. Allura is a comparatively large, integrated environment with many artifact types and correspondingly higher migration friction and attack-surface gravity. Under a model that prizes narrowness and composability, that is expensive.

• Core strength: serious, mature, well-defined forge platform with Apache stewardship.
• Primary limitation: the exact kind of large all-in-one surface the model is designed to discount.