• poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 years ago

    The big difference is that Oauth2 is usually optional and you can also easily host your own Oauth2/OIDC provider (Edit: but the client, Gitlab.com in your example would need to add your provider, so that is less practical), so while it is true that the usual Oauth2 providers are Google/Github/Twitter etc. this is just a convenience feature to make it seamless to sign up and is not forcing anyone to do so like in the case of email and sourcehut.

    Obviously if a service would force you to sign up only via Google’s Oauth2 that would be about as bad as Sourcehut forcing you to use email.

    Oh and requiring email once for signup only is a lot different from constantly requiring it to use almost the entire service, as Sourcehut does. A self-hosted email can easily receive the necessary confirmation email (sending emails is what causes the problems), or you could use some anonymous one-time use email service.

    • rusty@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      When using SourceHut, you email their servers, then they readdress the email before sending it on to the subscribers of the email list. This is done to support SPF authentication of the emails. Most modern mailing lists work this way to make spam detection easier.

      SourceHut is responsible for monitoring their DMARC reports and ensuring email delivery