another "similar" project https://github.com/nostrocket/snub nostr:nprofile1qqsdjyv3uv8qq3ztjskqaqk263ctx2h3w9mycgn4hmstmxfh0m75qagpz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs7amnwvaz7tmwdaehgu3wd4hk6qgnwaehxw309ahx7um5wghrvwpc9ehhyecsnkhzg
MVP for a CLI based keychain and signer for nostr keys:
https://github.com/mleku/signr
This is part of work to develop a nostr-connected decentralised git hosting system, this will be the tool that signs commits using nostr keys so they are readily recognised as being from a given nostr user account.
needs some documentation, probably, all feedback most welcome.
note that it uses an original design for signing that takes into account proper authentication security matters, the signatures always have a random value associated with them, and the signature is on top of the hash of the file plus the random value plus some extra parts that make it distinctive.
probably it should be made into an NIP at some point, but my focus right now is, after this, to plug it into Git as a custom signature tool so Git hosting systems can verify commits and tags are signed by who they should be.
Discussion
nostr:nprofile1qqsth3eu4eq4qtw667jpzfvxmjh5gg5pp4s25j6hccmue5d8g6c8s3qpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9mhwden5te0dehhxarj9enx6apwwa5h5tnzd9aqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcaf8ysx is what signr relates to.
HORNET doesn't interface quite so directly with Nostr and is aimed mainly at creating a replication protocol that allows relays hosting Git repositories to sync with each other... at least, that's my rough understanding of it. nostr:nprofile1qqs9njktmqadt322myw6eag6f8qxuzl0wv9vpe7zxkn0d73fhy3s7qspr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgprpmhxue69uhkc6t8dp6xu6twvaex2mrp0yhxxmmdqy08wumn8ghj7mn0wd68yttjv4kxz7fwv3jhyettwfhhxuewd4jsc3t90n and others in the project know more about that side of it, I'm just doing the cryptography/tooling for the Git interfacing.
HORNET will be applicable to Nostr itself, though, since it will enable the compact representation of nostr accounts and the means to selectively synchronise their activity across relays.
I'm not sure exactly where we are at on the timeline, I have only really just joined this and taken on this task because I'm quite comfortable with coding and cryptography systems, hashes and EC signatures.
I am starting on integrating this CLI tool into Git so it can automatically sign commits now.
Snub sacrifices backwards compatibility with git. Git is highly evolved tech’ years beyond Nostr.
The goal of GitNestr is to broadcast the Commits, Issues, and Pull Requests of GitHub as #Nostr notes — then store the git folder as a Merkle DAG on relays. The root of the Merkle DAG is signed like a Nostr note, authenticating the repo.
This allows people to pull their repos straight off GitHub and upload it to Nostr relays.
Sacrificing git is a grave mistake given how advanced the technology it is — abandoning git also creates switching costs for users.
Ahh I see it does interface with git actually, but where is the repo stored?
If the repo isn’t decentralized across relays, then how is this censorship resistant?…
it's like i said somewhere - maybe in this thread - it's not got enough thought about the protocol. and like you say, why reinvent the wheel, git just needs a filesystem, and an fs is a much easier thing to make a protocol for.
it is possible to concurrently mutate a git repository, but only when it's a different branch, if the mutations are both on the same node. with that attended to either order of applying the change yields an atomic result.
