Thanks, everyone, for the feedback on the matter!

The concerns are clearer to me now, and I've given this a bit more thought.

> it's important to specify how the moderation capabilities are.

My initial idea was to use a configuration like this (with some parts
stripped):

```
[server]
max_content_length = "20MB"

[paste]
random_url = { type = "alphanumeric", length = 6 }
mime_blacklist = [ "application/x-dosexec", "etc"]
default_expiry = "1h"
delete_expired_files = { enabled = true, interval = "1h" }
```

This would mean that, for example, we would allow certain file types with a
maximum size of 20MB, and files would be deleted after 1 hour.

Additionally, there is a `delete_tokens` option, which makes it possible to
delete files remotely.

> I'd like to see a proper moderation tool, as well as a native way to
> report a violation, so it's easy to moderate.

I think a config like the one above would be plausible for **quickly** sharing
files, which is what `rustypaste` is designed for. If we go beyond that, we
might need a more complex service, which would require more effort to set
up and maintain.

> On top, I'd like to see this being connected to our keycloak via OIDC as
> an identity provider, much like Ubuntu One does, not allowing arbitrary
> unauthenticated use.

`rustypaste` does not yet support OIDC:
<https://github.com/orhun/rustypaste/issues/286>

It was intended to be self-hosted very quickly and easily—and frankly,
I've never needed such a feature myself.

> I don't really want to exhaust our devops team even more with such tasks,
> and we also had reasons to lock down our hedgedoc to a staff only service.

I hear you; the legal side of things should be well thought out before
proceeding with this. The only thing I'd like to add here is to maybe
reconsider the idea with the configuration above. Perhaps using aggressive
retention and soft-launching this in the first stage would be a good
experiment. I'm all for implementing OIDC logins if we decide to go further
with this.

> For users there are plenty of pastebin alternatives, for staff we can use
> md.archlinux.org to share notes, pastes.

Most of the options out there are not quite reliable. The reason I don't
use md.archlinux.org is that it feels like too much effort just to share a
file. Also, I'm not sure if I can use it in my shell scripts. (For example,
I have a function that captures the screen and uploads it to a pastebin
service.)

> Something public is a pain because unfortunately there are many people
> who do not respect.

People are people; we can't change that. There are many public services out
there, and I would be up for the challenge of maintaining one for Arch
Linux.

> I agree, too. If it should be only for Arch Linux users, we can add a
> validation question like the one in the forum's log in page.

That's a good/fun idea :)

Let me know what you think!
