We provide cryptographic signatures for some ticket info and
comment details in the exported data. This can be used if you
re-import this dump into todo.sr.ht or into another instance
elsewhere to prove that the data is an authentic representation of
what each user had said.
For each ticket, the signature uses the
webhook signature process
after preparing the following JSON data as UTF-8:
{
"tracker_id": $trackerId,
"ticket_id": $ticketId,
"subject": $subject,
"body": $body,
"submitter_id": "$userId",
"upstream": "{{get_origin('todo.sr.ht', external=True)}}",
}
Comments use the same process with the following JSON data as UTF-8:
{
"tracker_id": $trackerId,
"ticket_id": $ticketId,
"comment": $comment,
"author_id": "$userId",
"upstream": "{{get_origin('todo.sr.ht', external=True)}}",
}
In each case, the resulting JSON is minified before being signed.
Signatures are only used for tickets and comments from users with
accounts; external users' emailed submissions are not signed.