Nostr Web Client

1. Yes, I agree because Keet for example, displayed a similar behavior and I think they just decided not to push to zap.store anymore for some reason so it lead me to understand that zapstore requires a manual push from developers on top of their already existing GH push (the pear releases GH had the latest one!)..

2. It feels so good to receive .apk updates based on my Nostr account, instead of trust in Google Play Store. Depending on my installed app version, I may sometimes be on a higher version than what's being displayed on zap.store and that requires a manual install from another source.

3. So this may just be a developers dilemma in the end on where they need to push .apk updates to.. (maybe?)

AU9913 1y ago

My bet is it's zap.store signs a bunch stuff themselves. For example, primal on zap.store is signed by zap.store and that is probably the zap.store dev doing the link aggregating from github you're talking about, but this kinda defeats the purpose IMO, but olas for example has a pipeline that signs and publishes to zap.store, which is how it's supposed to be used. Otherwise you're basically just substituting your trust of Google to zap.store supported by a web of trust (most of which probably don't know what the fuck they're actually downloading)

Reply to this note

Please Login to reply.

Discussion

Bitcrazy 🛀 1y ago

Yeah I agree. nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 can you reassure the public here on what the WoT means, and how .apks are actually fetched from GH? 👀

Zapstore 1y ago

Web of trust in this context is a "follows who follow". It's a quick way of determining if people you know follow the signer.

Zapstore is just another signer. If you don't trust our indexer pulling metadata from Github, you don't install anything from Zapstore.

All apps from Github APKs are downloaded from there when you install an app, and checked against the hashes that were indexed previously.

Bitcrazy 🛀 1y ago

Thanks for clarifying! 😊