Closed nightpool closed 6 years ago
There's no need to convert ot Markdown, all I need to do is wget your report to this repo: https://gitlab.com/dustyweb/activitypub.rocks/tree/master/reports
I probably should remove the implementation reports directory in this repo.
Will pull it in in a few minutes! Thank you for your report!
Oh! It says don't pull yet, so I won't until we resolve those issues.
Okay, I think I have a couple concerns about the new implementation report—it doesn't include license, questions about open-source implementations, or notes on individual items. There are a couple of spec items we fulfill partially, or fulfill with additional restrictions, that I'd like to note down
Plus, as mentioned, the JSON doesn't reflect the implementation report completely since I was never prompted for some questions it marked as "N/A", but mastodon does support.
Hey @nightpool, you're right about those missing fields... in fact I had those in and then I commented them out because I didn't want to overwhelm contributors with fields and I could add it myself by looking at a source repo if provided. But since you noticed, I guess that means I should add it back in :)
lists "MUST: Performs delivery on all Activities posted to the outbox" as "[N/A]", which seems ... wrong
Nobody is doing an HTTP POST to the outbox
endpoint right? Because Mastodon doesn't implement ActivityPub's C2S API! But maybe it's conceptually confusing because there's the "abstract concept of submitting to the outbox" and then there's "doing an HTTP POST to the outbox". If I instead reworded to "submitted via HTTP POST to the outbox endpoint", would that be clearer?
Ah, sorry, I guess I was referring to stuff like "Utilizes to, bto, cc, and bcc to determine delivery recipients" that should still be a requirement, right?
I think I misread "outbox" for "inbox" in the one I quoted.....
Ah, sorry, I guess I was referring to stuff like "Utilizes to, bto, cc, and bcc to determine delivery recipients" that should still be a requirement, right?
"Sort of". The addressing should all be there for sanity's sake but really, if you're not using C2S, you could still deliver to individual inboxes without ever listing them... that sounds strange, but imagine a server is deciding recipients itself and effectively used the bcc
/ bto
fields. By the time the message was sent across the wire those would be stripped out. So if you aren't using C2S, it's much more of a server implementation decision of what inboxes to deliver to.
That said, if you deliver to sharedInbox
endpoints, the receiving servers would have to determine addressing based off of the to
and cc
fields...
ah, right. not everybody uses sharedInbox for everything. aah :)
(I ... we might not actually do anything differently with things delivered to /inbox rather then sharedInbox. I should look into that)
On Mon, Nov 13, 2017 at 8:02 PM Christopher Allan Webber < notifications@github.com> wrote:
Ah, sorry, I guess I was referring to stuff like "Utilizes to, bto, cc, and bcc to determine delivery recipients" that should still be a requirement, right?
"Sort of". The addressing should all be there for sanity's sake but really, if you're not using C2S, you could still deliver to individual inboxes without ever listing them... that sounds strange, but imagine a server is deciding recipients itself and effectively used the bcc / bto fields. By the time the message was sent across the wire those would be stripped out. So if you aren't using C2S, it's much more of a server implementation decision of what inboxes to deliver to.
That said, if you deliver to sharedInbox endpoints, the receiving servers would have to determine addressing based off of the to and cc fields...
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/w3c/activitypub/issues/271#issuecomment-344111057, or mute the thread https://github.com/notifications/unsubscribe-auth/AAORVxHtph2c5TAMwqOe6cgp4xzyvJulks5s2OakgaJpZM4QXApA .
Let me know when you think the report is good enough to be merged or if there's anything I can answer to help that along. I'm excited to get this on the implementation reports page!
Note that if you're okay with it, we can (and I think it's a good idea) also push up the current version as-is and that doesn't mean Mastodon's submission can't be iterated on. Would you be okay with that @nightpool or would you rather wait until we have all the loose ends tied up?
I think i'm fine submitting it now. Here's the about section:
Mastodon is a free, open-source, decentralized microblogging application with support for the ActivityPub and OStatus protocols. Built for global networks of close-knit communities, Mastodon puts social networking back in the hands of users.
Interoperability notes:
All actors must support Webfinger resolution, with a unique preferredUsername per host, so that they can be interacted with by other users. Posts to the inbox must be signed using the HTTP Signatures draft spec with a public key that can be fetched from the actor, using the publicKey object format from the WebPayments JSON-LD Security Vocabulary.
Added to the implementation reports page! Horray! https://activitypub.rocks/implementation-report/
@nightpool I'm not sure if you think I should close this now or not (depends on whether you think there will be some changes coming soon I suppose? We can always make changes) so I'm closing it, but if you think otherwise just let me know.
Not sure how to turn this into the markdown format, but this is the preliminary implementation report for mastodon: https://test.activitypub.rocks/download-report/ujyxdji36uc36s544wvzv5wztp6f5hvekgpfbi3bf7xluugeu2yq
There are a couple of security things I'd like to fix before this is finalized, and I'm not sure it's fully accurate (lists "MUST: Performs delivery on all Activities posted to the outbox" as "[N/A]", which seems ... wrong), but other then the spurious N/As, should be correct. I'd like someone to check my work though.
to
,bto
,cc
, andbcc
to determine delivery recipients.id
all Activities sent to other servers, unless the activity is intentionally transient.id
sid
s by responding to HTTP GET requests with a representation of the Objectapplication/ld+json; profile="https://www.w3.org/ns/activitystreams"
application/activity+json
Tombstone
(if the server is choosing to disclose that the object has been removed)