• rusty@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    I thought you were giving out to email being a terrible UX, sorry i didn’t address your OAuth2 comments

    I self host my email. You are right, some providers do mark it as spam without reason, for example outlook.com is doing that right now. But I can’t see OAuth2 as being a solution, presumably you need a google/microsoft/facebook/twitter account to use it? Not exactly, sure how that has sidestepped the monopolies? Is it possible to self host your own OAuth2 provider and log into GitLab?

    If all forges required OAuth2 then it would create an identity cartel. With the way OAuth2 works (requiring service providers to choose which identity providers to accept) it would be arguably worse for federation than using email, I have yet to encounter a registration page that refuses email addresses

    • poVoq@slrpnk.net
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 years ago

      The big difference is that Oauth2 is usually optional and you can also easily host your own Oauth2/OIDC provider (Edit: but the client, Gitlab.com in your example would need to add your provider, so that is less practical), so while it is true that the usual Oauth2 providers are Google/Github/Twitter etc. this is just a convenience feature to make it seamless to sign up and is not forcing anyone to do so like in the case of email and sourcehut.

      Obviously if a service would force you to sign up only via Google’s Oauth2 that would be about as bad as Sourcehut forcing you to use email.

      Oh and requiring email once for signup only is a lot different from constantly requiring it to use almost the entire service, as Sourcehut does. A self-hosted email can easily receive the necessary confirmation email (sending emails is what causes the problems), or you could use some anonymous one-time use email service.

      • rusty@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        When using SourceHut, you email their servers, then they readdress the email before sending it on to the subscribers of the email list. This is done to support SPF authentication of the emails. Most modern mailing lists work this way to make spam detection easier.

        SourceHut is responsible for monitoring their DMARC reports and ensuring email delivery