Event JSON
{
"id": "e504389c7a1cfea72673663578b97a73d4947dde37175ad707194e906fae3e4b",
"pubkey": "a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d",
"created_at": 1720034518,
"kind": 1,
"tags": [
[
"e",
"7fba60aa1cd8232156992ed5fe69a5c5cdd201b4b8bf2ade5152291036b2f67f",
"",
"root"
],
[
"e",
"9c358118ed37902f2d3e0894a04d193d777107747005b9db96a8f1deb66e575d"
],
[
"e",
"ec6d74aa0a50f053785162c0f5f79729da07684af8f4c2d718a4654fcd14e833",
"",
"reply"
],
[
"p",
"a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d"
],
[
"p",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11",
"",
"mention"
],
[
"p",
"036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58"
]
],
"content": "I was trying to make the case for trust attestations made against releases rather than binaries like what happens with gpg signatures today. I'm coming around to them just being made against pubkeys, app profiles and binaries.\n\nGiven that nostr:nprofile1qqs8y6s7ycwvv36xwn5zsh3e2xemkyumaxnh85dv7jwus6xmscdpcygpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz8thwden5te0dehhxarj9ekh2arfdeuhwctvd3jhgtnrdakj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qxvpy4 has already been building with mutable releases, I don't think there is a strong enough argument here to warrant a change.",
"sig": "94894f1b38351cbcf5b57220e3419cf4fcaa66107bad7b2966588dffd0d81721ae93031b10b9060fcaf281c8e5bc6da5757eaaa6df40b690efb1a2d2ed93c9a5"
}