~jacoscaz

Recent activity

Re: Supporting user groups/organizations on SourceHut 7 months ago

From Jacopo Scazzosi to ~sircmpwn/sr.ht-discuss

Hello Drew!

Thank you for giving us a chance to provide some feedback!

> User groups will use the ^ prefix, similar to today's ~ prefix

I like the fact that I would be able to instantaneously tell whether
a repository belongs to an organization or to a user.

> Group membership is divided into subgroups. […] by default
> there would be an additional subset called ^sourcehut/admins
> which defines who can modify group membership. […] other
> user groups can be added by admins as necessary. These
> groups can be fed into access control lists […]

Re: Contributions without a sr.ht account 1 year, 6 months ago

From Jacopo Scazzosi to ~sircmpwn/sr.ht-discuss

Hi.

This conversation is very interesting. I think there is quite a difference between anonymous web forms and email contributions. 

Accepting contributions via email would be not unlike using external identity providers for user authentication, such as allowed by OAuth and OpenID Connect, delegating the authentication process to trusted third-party systems. Therefore, supporting email contributions would still allow contributions to be associated to their submitters’ externally-managed identities, identified by their email addresses. The combination of DKIM + PGP would even offer a reasonable 2FA-compatible security framework.

With anonymous web forms, however, there would be no identities to tie contributions to. It would be impossibile to filter contributions based on anything else other than the contributions themselves, which I believe would represent a huge obstacle to the formation of chains of trust and successful delegation models.

Best regards,
Jacopo.

---

Jacopo Scazzosi