OStatus deprecation tracking issue
the OStatus support has been the subject recently of several embargoed issues.
i did an audit of the OStatus module today and concluded that making OStatus work with the same security guarantees as ActivityPub is probably unworkable.
on pleroma.site, 99th percentile of traffic is ActivityPub.
i think, accordingly, we should drop the OStatus support with the 2.0 release.
in IRC, @lambadalambda and @rinpatch seconded immediate deprecation of OStatus:
[12:01:11] <lain_soykaf> Good idea
[12:01:28] <lain_soykaf> We can turn ostatus on and off, right?
[12:02:00] <lain_soykaf> We should turn it off by default
and @lanodan noted that there is probably little interest in hardening OStatus in the same way as ActivityPub:
[14:03:34] <lanodan> I guess we have a pile of security issues with OStatus because basically no one really cares about doing some for OStatus
accordingly I believe the 1.1 release should ship with OStatus disabled, and then 2.0 should ship with it removed. this allows for instances who explicitly want OStatus to turn it back on or carry the modules themselves outside of the main repo.