DanConwayDev on Nostr: I'm not suggesting you should as it would shift your focus from building zap.store ...
I'm not suggesting you should as it would shift your focus from building zap.store into QAing apps. Using an F-Droid type issuer of releases would prevent the developers from issuing malicious binaries for non-reproducible builds but enable the issuer to do so. I don't think the incentives are there for anyone to take on that role.
The nature of the trust attestations and how they are interpreted is the tricky bit. Probably much easier to criticise than design.
Published at 2024-07-03 20:44:36
Event JSON
{
  "id": "2e58cf95e8708c4fa28caa2d11528f9d53874c66b0faa6a7685826baf410b1cc",
  "pubkey": "a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d",
  "created_at": 1720039476,
  "kind": 1,
  "tags": [
    ["e", "7fba60aa1cd8232156992ed5fe69a5c5cdd201b4b8bf2ade5152291036b2f67f", "", "root"],
    ["e", "bdeabaf2fd0dadbcec7c9e9e32c855aaab5afaa13593c49ab39cf3493dd11d6a"],
    ["e", "cd6a3e16b1696b1c5e80f53daee9c5eba10c3e7303f6693e992f8b0fded5c87b", "", "reply"],
    ["p", "a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d"],
    ["p", "036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58"],
    ["p", "726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11"],
    ["r", "zap.store"]
  ],
  "content": "I'm not suggesting you should as it would shift your focus from building zap.store into QAing apps. Using a f-driod type issuer of releases would prevent the developers from issuing malicious binaries for non-reproducible builds but enable the issuer to do so. I don't think the incentives are there for anyone to take on that role.\nThe nature of the trust attestations and how they are interperted is the tricky bit. Probably much easier to critise than design.",
  "sig": "601b95d7bbef8721b7142be92da63ab2147deb1dd67e4d4370dd7e6b4cf6c229a52aed2e5372f48bd4cd5483aee84c75c505bfd45c80acc7257d2e55ae440822"
}