@roka @bandali
yes, we have been talking about it for some time. there was, in fact, quite a bit of speculation about whether Mastodon or Pleroma would do it first. it turns out Mastodon did it first as part of general refactoring work ahead of the 3.0 release.
OStatus has a lot of design flaws that make it extremely difficult to implement in a secure way. there are numerous embargoed bugs that affect Pleroma's OStatus implementation as well as Mastodon's and GNU Social's.
these bugs exist because OStatus is unnecessarily complex.
and, frankly, we can't move forward on security in any serious way as long as there is a gaping hole that can be used to bypass (the pending 1.0.3 release fixes two protocol downgrade attacks that other implementations are also vulnerable to).
we do plan to keep OStatus support in the 1.x tree, which is likely to remain supported for some amount of time, but 1.1+ will have OStatus turned off by default.
2.0 will remove OStatus entirely from mainline (but if people want to maintain the modules out of tree, that should be easy enough).