Braydon Fuller on Nostr: Better, however a supply chain attack on a dependency could leak passwords even from ...
Better, however a supply chain attack on a dependency could leak passwords even from a signer. It also makes the maintainer of the signer app a larger target, ultimately multisig deterministic builds and releases help with that.
Published at
2024-10-25 17:01:08Event JSON
{
"id": "19fdf884df0f27b90218540755b1b7608187ba7a156e713dc088255fe4467aaa",
"pubkey": "1bf9f239dca1636149bc2f3fc334077ae959ea9607cacf945ef8f8bb227dc5e1",
"created_at": 1729875668,
"kind": 1,
"tags": [
[
"e",
"3169146c22d4dd75ee8486afd6a163c95e63156729eb76ca93b0b8d2c4608ea7",
"",
"root"
],
[
"e",
"00246e7c3cf0a4a43a2afbc797c9aec6b0986cf34654a4cc80fe106aa43717d2",
"",
"reply"
],
[
"p",
"97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322"
],
[
"p",
"edb470271297ac5a61f277f3cd14de54c67eb5ccd20ef0d9df29be18685bb004"
]
],
"content": "Better, however a supply chain attack on a dependency could leak passwords even from a signer. It also makes the maintainer of the signer app a larger target, ultimately multisig deterministic builds and releases help with that.",
"sig": "05984af493434d6b745886a7707568ef4cc644d26577104dd44e9483d3bae5ccf19563c96b368887194a589c57d90ff2259ae5dab1ee23333d9922465c2bfdae"
}
