YunoHost “packages” are just scripts. In the case of Lemmy, Lemmy_ynh’s install script actually fetches the Lemmy Docker image and extracts the files (including pre-built binaries) from it. And then it writes the config files to use the system Psql instance instead of a containerized version.
FWIW I don’t care how YunoHost installs the apps. Whether it’s fetching and running containers, or building from source, or grabbing binaries. As long as the apps work and the reverse proxy gets wrangled it’s fine with me. Just in this case refusing to run the Docker images directly is, at least momentarily, a problem for updating the app.
But do we need some kind of SSO layer with DID verification? All I need to prove my identity anywhere, technically, is my private+public keypair. As long as I hold on to this keypair, distribute it between apps/computers, back it up, I could log in anywhere on a federated platform and use it.
I hope we’re going to see key-based decentralized identity on ActivityPub at some point… Having accounts tied to instances is just not very robust or scalable.