DanConwayDev on Nostr: I really like this as a solution. Here are some thoughts: 1. Projects may be ...
I really like this as a solution. Here are some thoughts:
1. Projects may be resistant to embedding repository metadata like this directly into the commit history. Perhaps this isn't a big issue issue. It would be interesting to gauge opinion on this.
2. All commits and merges that take over as the new tip must be PGP signed. This may be a barrier for some projects but potentially less so for projects that would be attracted to a more decentralized option.
3. The rules for transferring repository ownership must be resistant to a compromised PGP key but also a key loss by one maintainer.
4. It maybe hard to extract this information for other usages without the repo being cloned. For example a nostr client may want a list of maintainers for things such as issue and PR moderation.
We could write a git server that allows commits signed by maintainers to be written without authentication / user accounts.
1. Projects may be resistant to embedding repository metadata like this directly into the commit history. Perhaps this isn't a big issue issue. It would be interesting to gauge opinion on this.
2. All commits and merges that take over as the new tip must be PGP signed. This may be a barrier for some projects but potentially less so for projects that would be attracted to a more decentralized option.
3. The rules for transferring repository ownership must be resistant to a compromised PGP key but also a key loss by one maintainer.
4. It maybe hard to extract this information for other usages without the repo being cloned. For example a nostr client may want a list of maintainers for things such as issue and PR moderation.
We could write a git server that allows commits signed by maintainers to be written without authentication / user accounts.