sourcehut is a network of useful open source tools for software project maintainers and collaborators, including git repos, bug tracking, continuous integration, and mailing lists.
So instead of signing up (which is literally two clicks with Oauth2), you prefer forcing people to use a system that is monopolized by Google and practically unusable without depending on some large corp?
If Sourcehut had at least some alternative way of using it, but email is the only way for pretty much all of its main functionality.
Does email really monopolized by Google? I mean there are many other feature-rich email providers out there. There are even privacy-conscious like Proton Mail.
That makes it only marginally better. Compared to other ways to provide accounts, email is significantly more monopolized and centralized on a few large players and/or for-pay services.
For a service like Sourcehut that claims to be an alternative to centralized services that is just hypocritical especially since they do not offer to host email themselves.
Maybe (I read that too), but that they went through all the trouble setting up an IRC bouncer and point it at the more or less centralized libera.chat IRCd doesn’t make me very optimistic that they even understood the core problem with email and centralisation in general.
Well, because you sign up to a mailing list it won’t reject your email if that is your concern. But besides that, you could fork the project to github and then email the list asking for a review of your branch.
Realistically any substantial PR would need to be reviewed locally anyway. Just viewing a diff online is not enough
Investing in a process to submit patches via email will allow you to use more than just Source Hut
I thought you were giving out to email being a terrible UX, sorry i didn’t address your OAuth2 comments
I self host my email. You are right, some providers do mark it as spam without reason, for example outlook.com is doing that right now. But I can’t see OAuth2 as being a solution, presumably you need a google/microsoft/facebook/twitter account to use it? Not exactly, sure how that has sidestepped the monopolies? Is it possible to self host your own OAuth2 provider and log into GitLab?
If all forges required OAuth2 then it would create an identity cartel. With the way OAuth2 works (requiring service providers to choose which identity providers to accept) it would be arguably worse for federation than using email, I have yet to encounter a registration page that refuses email addresses
The big difference is that Oauth2 is usually optional and you can also easily host your own Oauth2/OIDC provider (Edit: but the client, Gitlab.com in your example would need to add your provider, so that is less practical), so while it is true that the usual Oauth2 providers are Google/Github/Twitter etc. this is just a convenience feature to make it seamless to sign up and is not forcing anyone to do so like in the case of email and sourcehut.
Obviously if a service would force you to sign up only via Google’s Oauth2 that would be about as bad as Sourcehut forcing you to use email.
Oh and requiring email once for signup only is a lot different from constantly requiring it to use almost the entire service, as Sourcehut does. A self-hosted email can easily receive the necessary confirmation email (sending emails is what causes the problems), or you could use some anonymous one-time use email service.
When using SourceHut, you email their servers, then they readdress the email before sending it on to the subscribers of the email list. This is done to support SPF authentication of the emails. Most modern mailing lists work this way to make spam detection easier.
SourceHut is responsible for monitoring their DMARC reports and ensuring email delivery
So instead of signing up (which is literally two clicks with Oauth2), you prefer forcing people to use a system that is monopolized by Google and practically unusable without depending on some large corp?
If Sourcehut had at least some alternative way of using it, but email is the only way for pretty much all of its main functionality.
Does email really monopolized by Google? I mean there are many other feature-rich email providers out there. There are even privacy-conscious like Proton Mail.
That makes it only marginally better. Compared to other ways to provide accounts, email is significantly more monopolized and centralized on a few large players and/or for-pay services.
For a service like Sourcehut that claims to be an alternative to centralized services that is just hypocritical especially since they do not offer to host email themselves.
Btw I read somewhere that the main dev wants to provide email in future. Not sure that this is really in plans.
Maybe (I read that too), but that they went through all the trouble setting up an IRC bouncer and point it at the more or less centralized libera.chat IRCd doesn’t make me very optimistic that they even understood the core problem with email and centralisation in general.
Well, because you sign up to a mailing list it won’t reject your email if that is your concern. But besides that, you could fork the project to github and then email the list asking for a review of your branch.
Realistically any substantial PR would need to be reviewed locally anyway. Just viewing a diff online is not enough
Investing in a process to submit patches via email will allow you to use more than just Source Hut
I don’t think we understand each other. At least your response makes no sense at all to me.
Imagine for a second you didn’t have an email account. How would you use Sourcehut? And then think about how to get an email account.
I thought you were giving out to email being a terrible UX, sorry i didn’t address your OAuth2 comments
I self host my email. You are right, some providers do mark it as spam without reason, for example outlook.com is doing that right now. But I can’t see OAuth2 as being a solution, presumably you need a google/microsoft/facebook/twitter account to use it? Not exactly, sure how that has sidestepped the monopolies? Is it possible to self host your own OAuth2 provider and log into GitLab?
If all forges required OAuth2 then it would create an identity cartel. With the way OAuth2 works (requiring service providers to choose which identity providers to accept) it would be arguably worse for federation than using email, I have yet to encounter a registration page that refuses email addresses
The big difference is that Oauth2 is usually optional and you can also easily host your own Oauth2/OIDC provider (Edit: but the client, Gitlab.com in your example would need to add your provider, so that is less practical), so while it is true that the usual Oauth2 providers are Google/Github/Twitter etc. this is just a convenience feature to make it seamless to sign up and is not forcing anyone to do so like in the case of email and sourcehut.
Obviously if a service would force you to sign up only via Google’s Oauth2 that would be about as bad as Sourcehut forcing you to use email.
Oh and requiring email once for signup only is a lot different from constantly requiring it to use almost the entire service, as Sourcehut does. A self-hosted email can easily receive the necessary confirmation email (sending emails is what causes the problems), or you could use some anonymous one-time use email service.
When using SourceHut, you email their servers, then they readdress the email before sending it on to the subscribers of the email list. This is done to support SPF authentication of the emails. Most modern mailing lists work this way to make spam detection easier.
SourceHut is responsible for monitoring their DMARC reports and ensuring email delivery