I think this might be interesting:
- permit separate, low-traffic, highly rate-limited, auth-only servers. They would be strictly rate-limited and only accept connections from whitelisted partner servers, because they only handle auth.
- any partner server can authenticate a user and handle content for the server/auth-server pair, but only does so under certain conditions (determined by the partner - all the time, when ping api call > n seconds, or manually, for example)
- [email protected] can’t log in, so the client tries the list of partnered servers. user succeeds at lemmy.partner.net.
- [email protected]@partner.net says… ‘…something’ and all other servers accept it as being from [email protected]
- lemmy.world recovers, and claims all of the @[email protected] posts. Partners then forget the extra stuff they’ve been hosting.
A lot of those issues of ‘multiple primaries’ can be resolved with intelligent data types and actions. That is, if we have a notion of how the data is organized, a lot of decisions can be made a priori. Ones that can’t can be read-only during a split.
Comment groups are mergeable sets. Any unique comment is a valid comment.
For any individual comment, any tombstone causes a comment to be unseeable (and ideally be deleted). Any edits are latest-wins.
A lot can be sorted out that way - enough to be usable. Some databases even support that on a db level.