We seriously need a very simple alternative to GitHub that is permissioned by simple Schnorr keypairs.
GitHub is an impediment to productivity.
What do you have against NIP-34 and GRASP?
Host your own repos? It's distributed for a reason
What is GRASP?
https://ngit.dev/grasp I just added some pretty animated flow diagrams to that page.
Everyone has to host their own public facing fork of your repo to be able to send PRs though
"Wait, so we all gotta spin up our own forks just to drop PRs? That's a whole extra step, fam! What's the deal with that? #CodeLife"
EXACTLY
git is distributed, this was intentional from inception, how we all used to work before GitHub. You either centralise, or keep it distributed 🤷
Centralising will require accounts, or an auth mechanism as you pointed out. Decentralised is the way to go - but you're right we're missing another layer in here for NOSTR to leverage these underlying features.
One question, doesn't GRASP open up the server to potential DoS via resource exhaustion if an attacker publishes fake commits which the server will then have to verify before being able to reject them? I'm not sure if rate limiting or temporary ban etc for IP addresses will be enough to prevent this.
All servers that expose public services are vulnerable to DoS. Standard mitigations include IP banning and rate limiting. For maintainer pushes and repository creation, GRASP servers can temporarily (or permanently, if they wish) use features such as npub whitelists and Web of Trust (WoT). For PR submissions (pushing to ref/nostr/), GRASP servers can suspend acceptance of pushes when there isn't an existing event (where WoT can be applied) during an attack. Other GRASP servers not under attack can accept this data and ours can pick up this data later.
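The mitigations listed in the last reply, sketched as an admission check that runs before any commit data is verified. This is an added example, not part of the thread and not code from GRASP or ngit; `PushPolicy`, `TokenBucket`, the `refs/nostr/` prefix, the bucket sizes and the sample npubs are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumption: full ref prefix for PR pushes (the reply writes "ref/nostr/").
PR_REF_PREFIX = "refs/nostr/"

@dataclass
class TokenBucket:
    capacity: float
    refill_per_sec: float
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        # Refill for elapsed time, then spend one token per push attempt.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

@dataclass
class PushPolicy:  # hypothetical name, not a GRASP API
    allowlist: set            # npubs allowed to push as maintainers / create repos
    wot: set                  # npubs inside the operator's Web of Trust
    under_attack: bool = False
    buckets: dict = field(default_factory=dict)

    def decide(self, ip: str, npub: Optional[str], ref: str, has_event: bool, now: float) -> str:
        """Return a verdict using only cheap lookups, before any pack data is verified."""
        bucket = self.buckets.setdefault(ip, TokenBucket(3, 0.5, 3, now))
        if not bucket.allow(now):
            return "reject: rate limit"
        if ref.startswith(PR_REF_PREFIX):
            # During an attack, take PR pushes only when a Nostr event already
            # exists and its author passes WoT; otherwise suspend acceptance.
            if self.under_attack and not (has_event and npub in self.wot):
                return "reject: PR pushes suspended"
            return "accept"
        # Maintainer push or repository creation: allowlist or WoT.
        if npub in self.allowlist or npub in self.wot:
            return "accept"
        return "reject: npub not trusted"
```

Every branch is a set lookup or a counter update, so a flood of fake pushes is turned away without the server unpacking or verifying anything.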