Replies (10)

"Wait, so we all gotta spin up our own forks just to drop PRs? 🤔 That’s a whole extra step, fam! What’s the deal with that? #CodeLife"
👍 EXACTLY git is distributed, this was intentional from inception, how we all used to work before GitHub. You either centralise, or keep it distributed 🤷‍♂️ Centralising will require accounts, or an auth mechanism as you pointed out. Decentralised is the way to go - but you’re right we’re missing another layer in here for NOSTR to leverage these underlying features.
One question: doesn't GRASP open up the server to potential DoS via resource exhaustion if an attacker publishes fake commits which the server will then have to verify before being able to reject them? I'm not sure if rate limiting or temporary bans etc. for IP addresses will be enough to prevent this.
All servers that expose public services are vulnerable to DoS. Standard mitigations include IP banning and rate limiting. For maintainer pushes and repository creation, GRASP servers can temporarily (or permanently, if they wish) use features such as npub whitelists and Web of Trust (WoT). For PR submissions (pushing to ref/nostr/), GRASP servers can suspend acceptance of pushes when there isn't an existing event (where WoT can be applied) during an attack. Other GRASP servers not under attack can accept this data and ours can pick up this data later.
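The mitigations listed in the reply above can be sketched as an admission gate that runs before any commit data is verified; this is an added example, not code from GRASP or from anyone in the thread. Assumptions: the class and field names, the rate-limit values and the decision labels are hypothetical, and "WoT can be applied" is taken to mean checking the author of the existing event against a trusted set.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

PR_PREFIX = "ref/nostr/"  # PR ref prefix as written in the reply above

@dataclass
class Push:
    ip: str
    npub: str                 # pusher's Nostr public key
    ref: str                  # ref being pushed to
    event_id: Optional[str]   # Nostr event the push claims to belong to

@dataclass
class AdmissionGate:
    whitelist: set = field(default_factory=set)       # maintainer npubs
    wot: set = field(default_factory=set)             # npubs inside the Web of Trust
    known_events: dict = field(default_factory=dict)  # event id -> author npub
    under_attack: bool = False
    max_pushes: int = 3        # per IP per window (constructed value)
    window: float = 60.0       # seconds (constructed value)
    _seen: dict = field(default_factory=lambda: defaultdict(deque))

    def admit(self, push: Push, now: float) -> str:
        """Decide cheaply, before any commit data is fetched or verified."""
        hits = self._seen[push.ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()                  # drop timestamps outside the window
        if len(hits) >= self.max_pushes:
            return "rate_limited"
        hits.append(now)
        if not self.under_attack:
            return "verify"                 # normal operation: go on to verification
        if push.ref.startswith(PR_PREFIX):
            author = self.known_events.get(push.event_id)
            if author is None:
                return "deferred"           # no event to apply WoT to; sync it later
            return "verify" if author in self.wot else "rejected"
        # Maintainer push or repository creation: whitelist or WoT only
        trusted = push.npub in self.whitelist or push.npub in self.wot
        return "verify" if trusted else "rejected"
```

Only a push that returns "verify" reaches the expensive commit checks, so the cost of an unauthenticated push during an attack is a dictionary lookup.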