| ▲ | nerdypepper 3 hours ago | |
> gpg keys; if someone has your private key, they are you no matter where how would you rotate such a key and still convince everybody that you are still you? > Or in other words, what specifically does GitHub "do" that can't be done by using git as a backing store? how would you build a social graph of follows/stars and what not using user-owned git repos as a backing store? | ||
| ▲ | bombcar 3 hours ago | parent [-] | |
GPG key rotation is a known issue with solutions (hint: it involves multiple keys) - https://danielpecos.com/2019/03/30/how-to-rotate-your-openpg... > how would you build a social graph of follows/stars and what not using user-owned git repos as a backing store? I'm just spitballing and depending on how you want to display it, you may need more - but if I want to "follow" you I submit a signed commit to your "follow" repository, similar if I'm staring a repo; and then your system issues a signed commit back to my "followed" repo. | ||