Magnus on Nostr: So if packages on zapstore are signed by devs, it's ok. If signed by zapstore I really ...
So if packages on zapstore are signed by devs, it's ok. If signed by zapstore I really hesitate.
All these middlemen are vulns and an attack surface.
Published at 2025-01-15 11:31:29
Event JSON
{
"id": "52e6f0c8de4c283ffc4846716e2f1b089283fc7c4e1ace8d0b76bb41ba2fc7b1",
"pubkey": "7de24b6373777d4b04b9bcc0f21b5d9c3ac75bbf5265152d63d64358edf42e63",
"created_at": 1736940689,
"kind": 1,
"tags": [
[
"e",
"ee7b1ad6ede718bc0eedbdb3c84b9e30070b11e72007dfd09ac204b8e355ee93",
"",
"root"
],
[
"e",
"df93f2e4f0efa1e76c37fa0a7eb72fef1b6e92520c8ee460c4cc46be50b82068",
"",
"reply"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"
],
[
"p",
"b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
],
[
"p",
"7de24b6373777d4b04b9bcc0f21b5d9c3ac75bbf5265152d63d64358edf42e63"
]
],
"content": "So if packages on zapstore is signed by devs, it's ok. If signed by zapstore I really hesitate.\nAll these middlemen are vulns and an attack surface. ",
"sig": "4cdfbf325ca296e77457ed4bc69b0f780f00d5ff81a883fdb9f9e3a66f7b23457ec40347d0bd93420739a4bddb1ae4d3b8a611b889517c22194248317f16bdc4"
}