Not just them. For example, Qt self hosted cgit got ddos just two weeks ago. No idea why random open source projects getting attacked.

> in the past 48 hours, code.qt.io has been under a persistent DDoS attack. The attackers utilize a highly distributed network of IP addresses, attempting to obstruct services and network bandwidth.

https://lists.qt-project.org/pipermail/development/2025-Nove...

DDoS are crazy cheap now, it could be a random person for the lulz, or just as a test or demo (though I suspect Codeberg aren't a bit enough target to be impressive there).

Big tech would be far more interested in slurping data than DDoS'ing them.

An issue with comments, linked to a PR with review comments, the commit stack implementing the feature, and further commits addressing comments is probably valuable data to train a coding agent.

Serving all that data is not just a matter of cloning the repo. It means hitting their (public, documented) API end points, that are likely more costly to run.

And if they rate limit the scrappers, the unscrupulous bunch will start spreading requests across the whole internet.

>The only party I can think of would be Github.

I think it's not malice, but stupidity. IoT made even a script kiddie capable of running a huge botnet capable of DDoSing anything but CloudFlare.

> Who would have an incentive to spend resources

That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it.

Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie.

As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots.

its easier for MS to buy codeberg and close it than to spent time and money to DDOS things