Replying to Avatar DanConwayDev

I see the maintainer role as quite different to the contributor role. Maintainers decide which changes get applied to an application and make it into each release whereas contributors propose and / or code the changes. Often maintainers also review for quality but this is also sometimes left to contributors theough peer review.

The fabrication argument applies to the contributiom rather than maintainership.

In my above example the 3 maintainers could decide to create a key pair specifically for releases and share it amoung one another. It could issue the app profile event and each release. This seems to make the most sense if users are going to subscribe to a single app profile per application for releases.

What happens if one of the maintainers moves on? may be there is a falling out or they start working on the closed-source competitor. They will still know the signing key.

If however, app profiles supported maintainers each of them could create their own app profile from their existing pubkey, leveraging their own reputation, and include the others as maintainers. excluding the maintainers field, the app profile for this group would be the most recent one submitted by any of them. Any releases issued would be on behalf of the group. The membership of this group can evolve.

This is the best case I can make for adding a maintainers field.

I would prefer to follow an app profile published by a group of specific pubkeys with their own reputation who claim to maintain an app than a single pubkey who's ownership is opaque.
Avatar
franzap 1y ago

Yes I fully agree, this can definitely become a problem. I think though we're stepping on premature optimization territory. We can always add/migrate to the maintainers tag later if it ever becomes necessary, right?

Reply to this note

Please Login to reply.

Discussion

Avatar
DanConwayDev 1y ago

I thought about this one as it becomes very difficult to add later as we are building a bazzar rather than a cathedral. The incentives won't be there to add it later.

Without this feature most app teams will create a keypair for the app and share the key between maintainers. This will build up trust and an install base. They won't be incentivised to abandon threre existing pubkey which has built up trust and an install base. They won't have a mechanism to make it easy for users to switch to the new model. And unless 90% of the client support it they will degrade the upgrade experience for a proportiom of their users.

Clients won't be incentivised to add support because 1) there client is working 2) they are busy with other things 3) existing app teams aren't asking for it becuae of the above incentives 4) they are waiting for other clients to add support first

Avatar
franzap 1y ago

Sure, it's all about striking the cathedral/bazaar sweet spot. Can't something like FROST solve this or do we need to bake it in now? A few weeks ago nostr:npub18z6qteykzjp4czp6uypnnrz3qv2u8gpkdnazwy2ejhneayj9zpvqzvn6df posted videos showing nostr multisig

Avatar
DanConwayDev 1y ago

As I understsnd it, in an n/m you can only remove n-1 participants which wouldnt meet our needs.