Feature request: Create keypair per user for signing federated requests #16717
Comments
|
I think this depends on secret store PR. |
techknowlogick
added
the
type/proposal
|
I've created #16834 as a dependency for this issue, as I intend to store the pub/priv key pair in this new table. The benefits include that when loading users objects we don't need to store the keypair in memory for unrelated tasks (an alternative would be to modify each query to only include what you need, but this is allows for more options in the future, and less DB migrations). |
|
I claim 2,500€ from the fedeproxy Gitea federation grant for the work I did to create this issue and implement the associated pull requests, where 25% will be split among the reviewers, and 25% will go to the project (via opencollective). @lunny / @lafriks do you approve this? (more info linked here: https://forum.fedeproxy.eu/t/howto-5-000-grant-earmarked-for-gitea-federation/330/17) |
|
Just noticed this issue and the associated PR and upcoming 1.16 release. Is there or will there be an option to turn off Federation? I don't really want this and don't see the point at all. Thanks 🙇♂️ |
Yes, it could be turn off via app.ini. [federation]
ENABLED = false |
|
@lunny Thank you! 🙇♂️ And finally could you explain to me why Gitea is integrating ActivityPub like I'm 5? Thanks! 😅 -- What "problem" are we setting out to solve here? 🤔 |
|
The feature is aimed to let users could keep their privacy data in they trusted Gitea instances but also could interactive with other Gitea instances from this Gitea instance. i.e. User A has an account at Gitea instance B, and he could fork repository C from another Gitea instance D. The forked repository E is only in B. Even if D is down. User A could still use the forked repository E. |
Please rest assured I'm not trying to argue against this feature -- I actually truly don't understand this whole ActivityPub / "Federation" idea, often the way I see it is it's a "solution" "looking for a problem". But that's my opinion. But... What you describe above... I have to wonder. Isn't this already possible even without ActivityPub? I can already go clone any Git repo I want from anywhere, no matter what platform, and "fork it". I mean this is basically how Git works. What am I missing here? |
|
The goal (as far as I understand it) is to be able to have communication between instances without having to really import the project in your Gitea. I'm not sure the @lunny's fork example is the best to illustrate that idea I would prefer this examples to show the interest of federation :
In a more global example, the point of it is to be able to do every possible action on your instance, but from another one (and so, no need to create new accounts, follow several websites, etc.) (it has better than mirroring all the issue/actions/etc. already scrapped from the other instance and not only git's commits) |
As a first step towards federation this issue, a small part of federation to be implemented would be to create an RSA keypair per user. Although signing http requests is not required by ActivityPub or ActivityStreams, many implementations verify/expect one.
What a PR would include:
I have most of a PR ready, and will have it done by the next videoconference, but the first step is creating an issue for the PR to link to.
Related: #14186 (comment)
cc: @pilou- (as agent of Loic)
The text was updated successfully, but these errors were encountered: