We're phasing OStatus out of Mastodon (we've supported it 2 years longer than we've used it) which removes a lot of cognitive load from further development of features and maintenance #mastodev
There is a new optional feature in the master branch called authorized-fetch mode, which requires all fetches of ActivityPub resources to be signed, which in turn allows to reject fetches from domain-blocked servers.
Enabling this right now is not a great idea because current Mastodon versions don't sign all requests, so some functions would be impacted, a slow roll-out is advised #mastodev
π³π±
@Gargron I assume even with this enabled public posts can not be viewed by anyone running something other than mastodon? Or does it not effect public posts and one effects posts you share friends-only?
As always thanks for your hard work.
@freemo Public posts will remain viewable in the browser
@Gargron Ahh wonderful, thank you for all the info. Good luck. As always if i can help with anything just let me know.
@freemo No, followers-only posts are already enforcable. It's a way to make public posts enforcable. And no, signatures are a basic component of ActivityPub, so it's not a break away from standards.