This is a question that should be directed at nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75spz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszxnhwden5te0wpuhyctdd9jzuenfv96x5ctx9e3k7mf0dv4ph5 , unless you have other examples that you've found.
We've mentioned an issue just yesterday which he's trying to fix already here:
He already addressed it, it's because he is publishing to zap.store and forgot to deploy the apk to github. Which to me means zap.store isn't simply aggregating stuff from github but instead is another place to publish APKs signed by your npub
I've noticed this too
Not always the same source; which has potential to he concerning
My downside with zapstore is there's no description to what I'm downloading. A small description section would be great; not just a github link
The description field I pretty sure it is up to the developers to add them.
But again, if this is an extra step for them, I'm not surprised if they choose not to do a super hard copy paste from GH 😂
Many apps publish many different APKs for every release. What's concerning?
And what description are you referring to? A lot of apps do have one. Could be improved sure
1. Yes, I agree because Keet for example, displayed a similar behavior and I think they just decided not to push to zap.store anymore for some reason so it lead me to understand that zapstore requires a manual push from developers on top of their already existing GH push (the pear releases GH had the latest one!)..
2. It feels so good to receive .apk updates based on my Nostr account, instead of trust in Google Play Store. Depending on my installed app version, I may sometimes be on a higher version than what's being displayed on zap.store and that requires a manual install from another source.
3. So this may just be a developers dilemma in the end on where they need to push .apk updates to.. (maybe?)
My bet is it's zap.store signs a bunch stuff themselves. For example, primal on zap.store is signed by zap.store and that is probably the zap.store dev doing the link aggregating from github you're talking about, but this kinda defeats the purpose IMO, but olas for example has a pipeline that signs and publishes to zap.store, which is how it's supposed to be used. Otherwise you're basically just substituting your trust of Google to zap.store supported by a web of trust (most of which probably don't know what the fuck they're actually downloading)
Yeah I agree. nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 can you reassure the public here on what the WoT means, and how .apks are actually fetched from GH? 👀
Web of trust in this context is a "follows who follow". It's a quick way of determining if people you know follow the signer.
Zapstore is just another signer. If you don't trust our indexer pulling metadata from Github, you don't install anything from Zapstore.
All apps from Github APKs are downloaded from there when you install an app, and checked against the hashes that were indexed previously.
Thanks for clarifying! 😊
Keet never pushed anything to Zapstore. If the app on Zapstore is old it's because the link the indexer has may be broken.
Most of the APKs on Zapstore and Github are the same. Incompatible versions are due to different certificates, which would be the case for apps that are pushed to Play Store for example
