• 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: June 8th, 2023

help-circle











  • My SSH auth uses SSH keys stored in authorized_keys, but I see your point. For me, OpenLDAP will be letting users in to the various services and SSH is outside that. I suppose SFTP could be something I want, but I’d be tempted to put a new sshd inside a container and have it more restricted than the system one.

    I think the backup key idea is definitely the most broadly applicable, but there’s physical/KVM for a more old school access route.


  • Yeah, I wasn’t arguing, just thinking out loud too. I think the whole decentralised aspect of the fediverse means that ownership has to have a cryptographic answer because there’s no central source of truth that everyone can agree on.

    I think moving accounts is a little easier than you think, apart from who gets to say that something should move. It’d be better to have a “pull” than something like the “push” solution that currently exists on Mastodon - there you can forward an account to a new place, as long as the old instance exists and cooperates (big ifs).

    I’m mostly thinking about moving accounts (+ communities) in the case of when an instance suddenly vanishes.


  • Posts and comments have a canonical URL (i.e. the original submission’s URL that’s linked to via the Fediverse pentagram), so that can be used as a foreign key when comparing.

    I think identify claiming would need to have been designed into the original spec with something like a public/private key for account ownership to allow moving of related data in a safe way, or e.g. editing a post from a different instance than originally posted it.