It's actually possible to create a comment with any comment.subplebbitAddress and never publish it via pubsub to the sub owner, bypassing the sub owner, but you publish it to IPFS, and then you can seed your comment yourself, and if the user goes to /p//c/ directly, it will just download the comment, and it will appear to be part of the sub, even if it was never approved by the sub, or deleted by the sub.
this kind of sucks because it makes the comment appear like it's part of a sub, even if it's not actually part of a sub.
one solution could be to add a signature of the sub owner with the comment ipfs file, but that's not really a solution, because the sub owner needs to be able to change the plebbit public key in their .eth if they get hacked or transfer ownership.
also even if this was technically possible, another problem is that a post that was signed, but then purged, would have more trust, because it would have been signed once, but it's purged. even if it was possible for sub owners to sign comments, we would have to treat signed comments with as much distrust as an unsigned comment, because it could have just been purged.
the only solution I could think of is we dont show the subplebbit data like the subplebbit name, subplebbit sidebar, etc until the comment update has loaded (the comment update can and is already signed by the sub owner). UX wise this would mean the title, content and image of the post would load first pretty quickly, then after a few seconds the comment update would load, and the replies, upvote count, subplebbit sidebar / subplebbit name / avatar would all appear. if the post is purged or fake, the subplebbit data will never appear, so the user will know something is wrong with the post. after x amount of seconds, we can even show a warning that this post is either fake or purged.
this doesnt seem like that bad of a UX, since the user can start reading the post right away, and then a few seconds later the rest of the post appears. it seems annoying to implement though using the current hooks, maybe I need to make comment.subplebbitAddress only appear after the comment update is loaded, as it's unconfirmed until then.
another thing to consider is that maybe there is a usecase for publishing comments without a subplebbit address, and it would be nice for the frontends to be able to display those comments properly, maybe using /c/cid directly or /u//c/ though that's already being used to link to profile pages.
It's actually possible to create a comment with any comment.subplebbitAddress and never publish it via pubsub to the sub owner, bypassing the sub owner, but you publish it to IPFS, and then you can seed your comment yourself, and if the user goes to /p//c/ directly, it will just download the comment, and it will appear to be part of the sub, even if it was never approved by the sub, or deleted by the sub.
this kind of sucks because it makes the comment appear like it's part of a sub, even if it's not actually part of a sub.
one solution could be to add a signature of the sub owner with the comment ipfs file, but that's not really a solution, because the sub owner needs to be able to change the plebbit public key in their .eth if they get hacked or transfer ownership.
also even if this was technically possible, another problem is that a post that was signed, but then purged, would have more trust, because it would have been signed once, but it's purged. even if it was possible for sub owners to sign comments, we would have to treat signed comments with as much distrust as an unsigned comment, because it could have just been purged.
the only solution I could think of is we dont show the subplebbit data like the subplebbit name, subplebbit sidebar, etc until the comment update has loaded (the comment update can and is already signed by the sub owner). UX wise this would mean the title, content and image of the post would load first pretty quickly, then after a few seconds the comment update would load, and the replies, upvote count, subplebbit sidebar / subplebbit name / avatar would all appear. if the post is purged or fake, the subplebbit data will never appear, so the user will know something is wrong with the post. after x amount of seconds, we can even show a warning that this post is either fake or purged.
this doesnt seem like that bad of a UX, since the user can start reading the post right away, and then a few seconds later the rest of the post appears. it seems annoying to implement though using the current hooks, maybe I need to make comment.subplebbitAddress only appear after the comment update is loaded, as it's unconfirmed until then.
another thing to consider is that maybe there is a usecase for publishing comments without a subplebbit address, and it would be nice for the frontends to be able to display those comments properly, maybe using /c/cid directly or /u//c/ though that's already being used to link to profile pages.