So, I understand a lot of people don't like the politics going on in America right now. Easy to sympathize with that. But that's a long, long, long way from then assuming that you can't host something on an american companies cloud or it's somehow at risk of some unnamed danger. A lot of google's cloud isn't even physically in the US. And even if it was somehow locked down (which AFAIK has never happened to a project like mesa... ever) then someone could just spin up a new server elsewhere without any real problems.

I'm not seeing the supposed risk here, just a lot of the same automatic reflexive complaints that pop up whenever anyone mentions google or microsoft.

Okay look, I hate Google too, but seriously guys? Just really?

As a developer the moment you push code to any public repository whether hosted by google or github or anyone else, you're handing over a ton of personal information. Your temporarily assigned IP address is the least of your worries and frankly a pointless addition to track.

Also sorry that I have to be the first to let you in on this open secret, but if you think that PRISM is unique to the US you know nothing about what's going on. Every major power in the world is engaging in mass surveillance over the internet. Even the Swiss are engaging in mass surveillance https://en.wikipedia.org/wiki/Onyx_(interception_system) and they don't even have any major enemies. It's just how the world works and the game is played.

The defense against mass surveillance is to ensure sensitive projects (such as encryption) are hosted in countries that refuse to share the take from their intel programs with the country you are based in or working against. If you are in China, a US server is fine because the US government won't risk disclosing sources and methods to China by sharing raw PRISM data with the MSS. If you are in the US and working on a cipher program that just got banned (or a website for sex workers), you need to host somewhere the local intelligence services don't work with the CIA, the NSA, and especially not the FBI. If the project is already known to be yours, you might have to abandon it. In that case you might be able to say, trade projects with someone else in the same situation while moving both abroad.

By comparison, if you are working on GNOME, CInnamon, KDE, XFCE, etc and not linked from there to a "sensitive" project, that your data may only be of use to these same agencies to the point that they may be using your software and want to know say, which commit to revert to avoid a nasty bug in their use case. Example: if a commit to Gedit caused it to crash whenever Chinese text was entered, anyone in the CIA or the NSA using Gedit to open intercepts from China's Great Firewall would need to build it locally with the offending commit reverted. If the devs got lucky someone there would use a sock puppet email to fill out an issue report or maybe even a PR with a fix for it. Since the PR would be no more than a few functions at most, and from an unknown account, code review would catch any malicious additions unless the project devs were really careless. It would be rather hard to say, insert a systemwide keylogger by replacing three lines of C coding in a text editor's source, especially with the further restriction that is must not be obvious to another skilled C coder. While "underhanded C" contests are held, programmers there are able to write the whole program from scratch, making it far easier to hide "extra" functionality.

You're sure wearing out that tinfoil hat, lol. Kind of sad, actually. The fact is, the Trump administration is far more freedom respecting than Obama's oppressive drone warfare spy-nation. More freedom respecting than Bush was as well. Trump is far more of a freedom respecting libertarian than his invasive spy-happy liberal predecessor. But facts don't matter to zealots, do they.

A man who rips children from their parents' arms at the border caring about FREEDOM? Only if you mean a "white-only" versions of "freedom!"

Trump is a gutter racist, the worst US head of state since Andrew Jackson, author of the Indian Removal Act that led to the Trail of Tears.

Yeah, it's so freedom-respecting that they didn't cancel a single surveillance program initiated by Obama administration (or before that).

Great and what project under the FreeDesktop.org banner does that apply to?

Oh you mean like Obama, and W, and Clinton who was the one to actually start the associated program because most of these children aren't actually with their parents and are instead victims of child sex trafficking and this was an attempt to stop it?

It's not politics. Net Neutrality is NOT politics, FCC crap rulings are NOT politics, government spying is NOT politics.

Politics would be "you should not host stuff in the US because Trump is a bad person", which is not what most people talked about here, presidents are mostly figureheads.

The issue is tracking user information and getting actual contributors in trouble, not denial of service.

Google's HQ is in the US, laws from the US apply.

Here's another open secret for you. Regulating the internet under the FCC rather than the FTC which is what people like you are conflating with "net neutrality" didn't actually create net neutrality, neither is giving control back to the FTC the internet apocalypse as you were led to believe. The idea that the one has anything to do with the other is nothing more than propaganda that way too many people just accepted whole heartedly.

T-Mobile is a huge example of breaching net neutrality while under the FCC's short reign, openly giving Spotify and Netflix fast lanes that they didn't charge data on in order to entice customers to switch to their service, and this was perfectly okay according to the FCC.

Of course it's politics. The democrats enacted it, so the republicans forced a repeal to it. Politics at it's finest.

More to the point, what does that have to do with anything about hosting Mesa on Google's cloud service? You realize they're already paying for that service, right? And it's the ISP's that can then charge extra or block it - something they can do whether it's on google's servers or hosted somewhere in Europe, or wherever. It's the US end-user using a US ISP that's affected, nothing to do with the servers location.

Ok, now you're really losing me. What kind of trouble could anyone get into by contributing to Mesa? And I hate to break this to you, but all the contributions are already tracked closely, by the projects themselves, for the purpose of copyright. If you're working on a public open source project, you aren't anonymous.

If the US somehow suddenly decides that Mesa is illegal (HOW??? WHY???), the location of the hosting service is going to be the very least of it's problems.

You seem to be really going to down a rabbit hole here where unspecified things lead to terrible consequences, but i'm not seeing a chance in hell anything like this is even remotely possible in the worst case scenarios.