Problem: A big chunk of both the readme and the startup output is
dedicated to configuration, which feels to me to be focused on
developers and advanced users rather than beginners who just want to try
using Oasis.
Solution: Move readme configuration info to its own file and hide all
config output (except one line) behind `--debug`. While doing this I
noticed that we're `require()`ing a few modules that we don't need
before setting `process.env.DEBUG`, which I've reorganized so that we
don't accidentally disable debug mode for those modules.
Problem: The install instructions in the readme contains quotes because
it has a `*`, but `#semver:` does what we need without the quotes. The
`docs/install.md` file also has some unnecessary complexity, like
cloning via SSH (only useful for maintainers), which I think we can
safely remove.
Solution: Change the install instruction and reorganize
`docs/install.md` to be more relevant to people who are installing from
source.
Problem: I thought `--no-optional` would just ignore our top-level
optional dependencies, but it ends up ignoring deep optionl dependencies
like sodium-native. We really want these dependencies if we can build
them.
Solution: Remove the `--no-optional` suggestion and add a note about
what to do if Sharp doesn't install correctly, which is very likely
since Termux doesn't have libvips available.
Problem: The Termux install is new and exciting and there isn't any
documentation on how to experiment with it.
Solution: Add some documentation like we've done with systemd and
Docker so that we can collaborate and figure it out in the repo!
Problem: It's hard to know who has worked on the project and who is
maintaining the project, for security and code of conduct issues.
Solution: Add AUTHORS and MAINTAINERS files to track who has contributed
code and mixed in their copyright (woo!) and keep track of who is
committed to maintaining the project and merging patches.
Problem: The roadmap should exist in the issue tracker, not the repo.
Solution: Since all of the roadmap items have been converted into
issues, we're now good to remove the roadmap from the repo.
Problem: I didn't really like random text posts from me being in the
readme, and the aspect ratio of the screenshot meant that it ended up
taking up lots of vertical space.
Solution: Use a wide screenshot of some concept art to keep it from
stretching vertically very far while still showing off the absolute
basics of Oasis.
Problem: I still haven't found any best practices for how to run HTML on
your domain without any security concerns. I feel reasonably confident
that our current security precautions mitigate any potential attacks,
but I want to be very up-front with any security mitigations that aren't
so common that they're boring and predictable. Resolves https://github.com/fraction/oasis/issues/5.
Solution: Add a document to describe our current security model and
mitigations so that we can point at it when asking friends to review the
model and ensure we don't have any holes.
This changes some phrasing for clarity and adds some helpful
explanations when you're publishing a comment or a reply.
This also fixes comments on replies, which were previously just being
added as a sibling reply. This doesn't really matter because it has the
same layout in the UI and it's also very rare, but it allows us to have
separate threads for each reply.