you could DM instead 🤷🏽‍♂️😂
Hoping to clarify what seems to be a misunderstanding by nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx about how the Pi Zero hardware shapes the nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl security model.
(see: nostr:npub10uthwp4ddc9w5adfuv69m8la4enkwma07fymuetmt93htcww6wgs55xdlq #320)
I'm not about drama, certainly not looking to increase it.
Please give this a read and hit me back w/any questions:
https://gist.github.com/kdmukai/e270dd1c7b53b8daea4a9fc1ac89847c
Discussion
Security convo matrix is roughly
1. publicly discuss risk, private clarification
2. publicly discuss risk, public clarification
3. privately discuss risk, private clarification
4. privately discuss risk, public clarification
The problem with 1.) is that even if those risks can be fully dispelled as nothings, if that clarification is done in private, everyone else is still freaked out and might think they're in danger.
Therefore, since the RHR criticism was so public, so should be the clarification, thus 2.).
3.) and 4.) aren't relevant here, but for completion:
3.) is fine if there was never any real risk (e.g. someone asking, "Hey, can X happen?" "No, it can't because blah." "Ah, okay, cool"). No harm, no foul. But not great if there is a real risk and it's quietly fixed and never publicly disclosed.
4.) is pretty common: "We get this question a lot so let's discuss this concern...". Or it's a real risk that's fixed and then publicly disclosed.