this post was submitted on 21 Jun 2023
55 points (100.0% liked)
Fediverse
28549 readers
575 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If I hosted it myself, the trust is less of an issue. I meant joining a federated VCS instance.
Ah ok, but the idea is to give you flexibility. At the moment you can host your Gitlab instance, but your public projects on your instance can only be found by googling.
The idea behind federation in this case is to have public projects be discoverable across instances, that you can star a project, open issue and make pull request across instances.
Ignoring the public/private repo issue for the moment. Let's assume this is only for FOSS projects. How do solve the issues of Authorization and Recoverability?
In theory you could implement an allowlist instead of the current ban list that Lemmy and others use for Communities. But this raises a 2nd problem, recoverability...
If the instance that contains my account goes down how can I ensure that I can still contribute to my repositories? I could create accounts on multiple instances and authorize all of them, but this increases the attack surface of someone gaining access to one of my accounts. At least with a centralized backup like GitHub, should I forget my password I at least temporarily have my SSH/GPG keys. And if I lose my SSH/GPG keys I still have my GitHub account to upload new ones to. Maybe a variation on ActivityPub could be created that uses SSH/GPG keys instead of an account name?
So maybe not unsolvable but at least some very interesting problems to solve first.
Yes, those are some good points. I do not feel like they are unsolvable though.