@59c6c59c hmm, maybe that's fine then!
@f50dbb78 I think there is risk in folks adding fake actors if they can add arbitrary files to a site, but I'm hoping that querying the webfinger endpoint to verify would help there. Spoofing https certs and DNS might be a risk though? 🤷