Here are the milestones and payouts we agreed on with NLnet.
- All payouts will be split 50:50 between /u/dessalines and /u/nutomic
- Milestone ordering is only for reference, they may be completed in any order
- Total amount: 45.000€
1. Federation feature complete
Nearly all back-end activitypub actions (voting, commenting, posting, etc) complete.
Amount: 4500€
Tasks
- Community updates: make sure nsfw and sidebar changes propagate
- Federate post::stickied
- Fetch all inreplyto objects: #694
- Proper CommunityFollower forwarding: #662
- In all the receives, in addition the the signature verify, do a check to make sure they are actually allowed to do the action.
- Remove options like “make mod” or “make admin” for remote users
- Create a “linked instances” page (from the whitelist)
- Issue link (everything left under Backend -> Features, and Frontend)
2. Security
Various security-related checks for federated activities completed.
Amount: 6000€
Tasks
- Ensure URLs start with https:// and verify attributedTo, ID and pubkey URLs are from the same domain/actor
- Get rid of unwrap() in apub code
- Apply bans, slur filters, length checks etc to posts coming in over activitypub
- Go through all the TODO and see if there is anything important
- Implement instance blocklist
- Remove tags like <script> from federated html before rendering it (eg in embeds)
- Try to fix any remaining security issues
- Setup security@lemmy.ml address with PGP
- Issue link (Backend -> Security and Maintenance)
- Once this is finished we should be ready for a production release (but we might wait until things like tests are finished)
3. Refactor Rust code
Refactor rust code to use new activitystreams library, and clean up technical debt.
Amount: 3000€
Tasks
- Abstract API code to be able to use federated authentication, not just JWT auth. #653
- Migrate to asonix’ new activitystreams library
- Split the code into seperate crates, like lemmy-database, lemmy-api, lemmy-apub
- Speed up compilation time
- Address technical debt
- Issue link
4. Documentation for ActivityPub implementation
Complete documentation for other activitypub implementors, based on communities.
Amount: 2250€
Tasks
- Describe how we are using ActivityPub
- Different documentation targeted at developers, admins and users
- Explain how instance blacklist/whitelist works (doesn’t affect data that was already federated before)
- Add activitypub json outputs to docs
5. Tests for ActivityPub implementation
Complete integration tests for all activitypub actions.
Amount: 3000€
Tasks
- Split integration tests into multiple files, extract helper functions
- Extend integration tests
- Add tests for malicious behaviour (eg invalid http signature)
- More unit tests
- Add integration test that verifies ActivityPub sending/receiving (using raw json)
- Look into using FediDB
- Issue link
6. Rework Caching / Views
Complete more efficient caching system, since materialized view refreshes are currently locking reads.
Amount: 2250€
Tasks
- Rework materialized views into fast tables. #606
- Rewrite all SQL triggers to fill fast tables.
- Do performance comparison.
7. Accessibility
Add accessibility tags to front-end components.
Amount: 1500€
Tasks
- Add aria tags to all front end components.
- Reach out to a community who can test other dynamic components (popups, etc).
- Implement results of NGI0 Accessibility review
8. Federated Moderation
Allow federated users to be added as moderators of communities on non-local instances.
Amount: 6000€
Tasks
- Ability to add community moderators that are users on other instances, who have full moderation abilities. IE, community mods don’t need to live on the same instance as the community. (This will be important later for private communities too)
- Federated moderation actions (ban, removes, etc)
- Ability to appoint federated moderators
9. Private Communities
Allow the creation of private communities.
Amount: 4500€
Tasks
- Private communities #187
- Communities have view, submit, vote, and comment priviledges.
- Add integration tests to make sure communities are properly invisible to non-approved users.
10. Private / Invite only instances
Complete private / invite only instances (currently all instances are public, and registration is open to the public). Amount: 4500€
Tasks
- Private / Invite only instances #209
- Add email verification
- Customizeable questionaire
11. Blocking Users / Communities
Allow users to block other users and communities.
Amount: 6000€
Tasks
- Users can block other users or communities
- If user A blocks user B, then all interaction between these users is impossible and they can’t see each other’s posts
- Also works for federated users / communities
- Issue link
12. Create a project website for Lemmy
Create a project website for Lemmy (similar to joinmastodon), with a project description and list of instances.
Amount: 1500€
Tasks
- Project description
- List of instances
- Issue link
13. Additional search functionality
Add additional functionality to Lemmy’s search page, such as community and category filtering, and url searching.
Amount: 2250€
Tasks
- Add community filtering for posts, comments
- Add category filtering for communities
- Add URL search type
- Issue link