Jennifer Moore
Jennifer Moore
These are good questions, and I'll have more thoughts later. But first, I want to clarify this > Currently a fair amount of text is printed to STDOUT via the...
>5. Further user gating > >Should the server support creating additional accounts beyond the initial admin account? Presumably with invite codes? Are these also for admins? Do non-admins have the...
To answer the initial question, yes the server needs to know it's own host name, so that it can construct activitypub object IDs. But I agree, it's more secure to...
>What Password strength measures should be enforced? Good question. The default config enforced by aspnet ID is based on character classes and length. I think it requires each of uppercase,...
Since a lot of these questions are generally about secure practices, I'll offer that I want to aim for secure defaults. If a new admin does nothing to disable things,...
> how much of this security hygiene should be _working_ as part of the initial release? how much of it should be _enforced_ as part of the initial release, if...
Yeah, definitely. I would like if we could do that selectively. I personally like to have camera settings, for example. Or at least look for and preserve descriptive text before...
I really don't have any good ideas (or even bad ideas) for how to build out a plugin architecture. I worry it's premature at this point. But, if you can...
Uh, maybe? How are you thinking it would be tracked? Just in the invite url? If so, it's hard to imagine that would work before we have our own UI....
We'll need an invite model either way, because we'll need something to generate and store server-created unique tokens for the invite. That also needs to track who created the invite,...