RhodeCode works well for us.
As for your wishlist:
Low dependencies. In particular, no Ruby, PHP, Node.js or
Elasticsearch. No pretending this is big data; Git repositories that
are over 1 GB are broken by design.
RhodeCode uses Elasticsearch, which is great in our case, since we have legacy repos of 25+ Gb.
Good web-frontend for Git, with forking and pull requests. No code
editing in browser needed.
It has a neat UI, with in-browser code editing.
Issue tracking is a plus, but not a must (but usually, pull requests
implies some kind of issue management).
We use Jira, but I know that RhodeCode integrates with RedMine and a bunch of others tools.
Access control. At least on a repository level, preferably on a branch
level. Private and public repositories must be supported.
Control can be set at repository/branch/user group level. LDAP, Active Directory, 2-FA, etc. are supported as well.
Works with standard tools instead of all the fancy tool-of-the-day that disappear into oblivion in a year.
From what I know, it integrates with the most tools, which are now de-facto industry standard: RedMine, Jira, Slack, HipChat, etc.
Open-source. To ensure long-term viability, and I don’t have a budget
I could spend. Plus, using closed-source for open-source-development
is kind of bastardization, isn’t it? Real open-source — not one where
the backing company decides to make it a commercial tool next year.
RhodeCode CE (Community Edition) is free and open source, RhodeCode EE (Enterprise Edition) has a commercial license. From my point of view, the fact of having a commercial product is the best proof of long-term viability for an open source one.
