entropic-dev / entropic

🦝 :package: a package registry for anything, but mostly javascript 🦝 🦝 🦝
https://discourse.entropic.dev/
Apache License 2.0
5.29k stars 152 forks source link

Build federation on top of ActivityPub #319

Open jaywink opened 5 years ago

jaywink commented 5 years ago

Thanks for the interesting project! I tried finding notes regarding the actual federation protocol that would be used, but either couldn't find the right things or the decision has not been made yet.

Assuming the latter, may I suggest you consider ActivityPub as a base for the server to server protocol parts. The W3C backed protocol is flexible and well adopted in both the social networking world but also outside it. For example there is PeerTube which is a p2p video hosting platform that does s2s activity sharing over AP. Nextcloud has introduced AP for the social side of their platform.

When I say flexible, ActivityPub has built in support for extensions, which is what I would imagine a project like Entropic would make heavy use of. This would allow some limited compatibility without any extra effort to for example social applications to consume activities from Entropic (for example "package published", "version updated" etc.

Building a new protocol from scratch would not only leave you with solving all the basic problems of delivery and authentication, but also make Entropic fully not compatible with any other platform.

Another specification being worked on currently which hits closer to package managers is ForgeFed, a specification for extensions on top of ActivityPub for forges like GitLab, Gitea, Gogs, etc. See https://notabug.org/peers/forgefed/ and https://talk.feneas.org/c/forgefed

For technical information about ActivityPub: https://www.w3.org/TR/activitypub/