Filippo Valsorda :go: on Nostr: Even better, they could put all pushes in a transparency log, and provide inclusion ...
Even better, they could put all pushes in a transparency log, and provide inclusion proofs, so there would be accountability for their central authority too.
Then we could make reproducible builds that include a tlog inclusion proof showing a binary was built from what was verifiably pushed to GitHub.
All without making any developer manage any keys.
Published at
2023-06-06 11:38:36Event JSON
{
"id": "70d33b1919cc523b69e1036784b8d16f5eac87e82cffa1f90263bf2f0c0321a0",
"pubkey": "75c4441558d260c0ca589ce8fa89fd5052eccf0b09fca823796810a986ad1c8e",
"created_at": 1686051516,
"kind": 1,
"tags": [
[
"e",
"f5615ea8f18e39a756a152f7a44f000e7b5b2d35b587866b1b0ff3bb25800316",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://abyssdomain.expert/users/filippo/statuses/110497072193804210"
]
],
"content": "Even better, they could put all pushes in a transparency log, and provide inclusion proofs, so there would be accountability for their central authority too.\n\nThen we could make reproducible builds that include a tlog inclusion proof showing a binary was built from what was verifiably pushed to GitHub.\n\nAll without making any developer manage any keys.",
"sig": "a2b001bfddeb4aa437802778ee50ab1524cac65cecd473a6a010814116b106879bf36a048f921ed9d926cf541c97269145bdbe1fbcfe003c0fc93569ef628fdf"
}
