So there’s no way for feddit.dk to translate into a Lemmy style upvote?
This is in fact how Feddit.dk knows that the Like came from mastodon.social at first. The problem is that the signature is a HTTP Signature which is only associated with the HTTP request that mastodon.social makes to Feddit.dk. It is not on the Like object itself. Thus that signature can’t be transferred to the Like object if Feddit.dk wanted to share it further.
finickydesert@lemmy.ml 2 months ago
SorteKanin@feddit.dk 2 months ago
There’s not such a thing as a “Lemmy style” upvote. It’s all Like objects under the hood shared via the ActivityPub protocol. But ActivityPub has no mechanism for sharing an activity further than the original receiver (i.e. forwarding from A to B to C and so on). It’s really only made for direct sharing from A to B.
finickydesert@lemmy.ml 2 months ago
Ohh so the object doesn’t change at all through the process. I see the difficulties
skullgiver@popplesburger.hilciferous.nl 2 months ago
[deleted]SorteKanin@feddit.dk 2 months ago
That would still be directly from one server to another server. I.e. from A to B and from A to C. But forwarding is a different matter, i.e. A sends something to B which sends it further to C. There’s complications with signatures and verification in that case and it’s less clear how to handle that.
muntedcrocodile@lemm.ee 2 months ago
So we need to convince the mastodon devs to change it so the signature is on the like object itself.
SorteKanin@feddit.dk 2 months ago
Unfortunately it is not that easy. It’s not Mastodon that places the signature like that, it is the ActivityPub protocol. Lemmy, Mastodon and all other ActivityPub instances do it this way. You’d need to extend or change the protocol to somehow fix this. That is not easy and not something that will be done overnight.
muntedcrocodile@lemm.ee 2 months ago
Of fucking course they did it that way. If i where to hack sonthing together u could also just quote the entire request signature and all and forward it.
skullgiver@popplesburger.hilciferous.nl 2 months ago
SorteKanin@feddit.dk 2 months ago
Yes, fetching the URL directly would be a way to verify it. I don’t know if Lemmy currently does that. In any case, it seems very round-about.
skullgiver@popplesburger.hilciferous.nl 2 months ago
SorteKanin@feddit.dk 2 months ago
If you have a signature you can also sign the contents, so you wouldn’t need to download the content. But AFAIK ActivityPub has no mechanism for including signatures in objects as it is right now. There’s only HTTP signatures, which aren’t on the object itself.