Comment by bombcar
21 hours ago
I'm confused on what exactly we need to add to decentralized git to get where we want to be - if it's identities, why aren't we using what git itself supports (gpg keys; if someone has your private key, they are you no matter where)?
Or in other words, what specifically does GitHub "do" that can't be done by using git as a backing store?
As a project member, I want users to already be logged in to the bug tracker. The lack of friction, likely from being the network effect winner, is key. I know fossil has this, but people don't have their private keys in fossil, they (I) don't even have fossil installed.
Whatever happened to OpenID, anyway? That was supposed to be federated one-click login. If the problem is login, then only the login needs to be federated, and this approach leaves the rest of the system more flexible as sites can have different bug tracking features without becoming incompatible with the federation.
Apparently there are two competing ID federation setups, and a bunch of "login with Google/Apple/Facebook/ID.me" and nobody can agree on anything.
I think it's just nice to have things in a central place ; no one's really gotten decentralized tech right and things like discoverability, interaction, job running, etc. is really nice to have in one place.
Mastodon and email are the closest I've felt to a distributed system that works, but for oss stuff ... I think we're getting closer, but it's still a very hard problem to solve.
> gpg keys; if someone has your private key, they are you no matter where
how would you rotate such a key and still convince everybody that you are still you?
> Or in other words, what specifically does GitHub "do" that can't be done by using git as a backing store?
how would you build a social graph of follows/stars and what not using user-owned git repos as a backing store?
GPG key rotation is a known issue with solutions (hint: it involves multiple keys) - https://danielpecos.com/2019/03/30/how-to-rotate-your-openpg...
> how would you build a social graph of follows/stars and what not using user-owned git repos as a backing store?
I'm just spitballing and depending on how you want to display it, you may need more - but if I want to "follow" you I submit a signed commit to your "follow" repository, similar if I'm staring a repo; and then your system issues a signed commit back to my "followed" repo.
People need more than a VCS. A way to search all of open source project's code, issues, and pull requests. A way to distribute software releases for free. A way to share code snippets. A way to discover new projects. A way to see what your friends are working on. An issue tracker and pull request area that is easy for users to submit through.