DanConwayDev on Nostr: zap.store shouldn't be listed as a maintainer of a project because it doesn't make ...
zap.store shouldn't be listed as a maintainer of a project because it doesn't make decisions about what code is or isn't included in a release. However, if it decided to take on a role like f-driod, it could issue a app profile for some apps, review releases produced by the project to check for undeclared trackers and malicious code, build from source and issue their own releases for an app.
Curator sounds great! In reality, most applications aren't reproducible and we are trusting the issuer that they built from source and didn't introduce any vunerabilities in the process. In fact, most applications aren't opensources so we are trusting the issuer even more.
Having trust atestations against app profiles and pubkeys that issue them are the most important and useful sort. Curator is a really good choice of word to describe this.
Curator sounds great! In reality, most applications aren't reproducible and we are trusting the issuer that they built from source and didn't introduce any vunerabilities in the process. In fact, most applications aren't opensources so we are trusting the issuer even more.
Having trust atestations against app profiles and pubkeys that issue them are the most important and useful sort. Curator is a really good choice of word to describe this.