Nostr Web Client

We're definitely interested in being a curator and in fact we already are one (plan is with time to allow other relays and curators). We'll see how everything plays out, for sure there will be tons of developers that will not sign their apps and curators will have to in their place. I don't really like F-Droid's model for non-reproducible builds, I'd rather pull the dev build with their own certificate and stamp a nostr signature on it. Step by step 😄

DanConwayDev 1y ago

It will be interesting to see how it all plays out.

I'd definitely value a dev attesting that they reviewed all the code added to Sparrow Wallet in a release and Craig Raw isn't obviously rugging everyone. I'd want to zap that.

Reply to this note

Please Login to reply.

Discussion

franzap 1y ago

Sure. But besides reproducible builds it's impossible to know if the build is not manipulating the source code. So you got to trust the dev and the build environment

franzap 1y ago

That's where OS permissions and software like opensnitch etc can help too

DanConwayDev 1y ago

I personally use nix, which allows me to easily build from source in a lot of cases.

DanConwayDev 1y ago

But it doesn't matter if the builds are reproducable if the source code contains malicious code.