I believe Fedi is currently the only closed source app indexed in zap.store , and this was by mistake. Their source repository only has a README file.
We will eventually support proprietary software but need to work on the appropriate warnings.
What should we do now? Leave the misleading repository or delist the app? Both options sound bad.
Can you rework the icon to clearly show it’s a problem child ?
Has Fedi ever given a reason for their decision not to open source their wallet app?
I am curious what the business rationale is.
Maybe a “⚠️warning: closed source ⚠️” label.
The source code cannot be audited, or verified. By using this app you sign up to a greater risk of rugpull, and uncertainty in what happens with your data.
cc nostr:npub149p5act9a5qm9p47elp8w8h3wpwn2d7s2xecw2ygnrxqp4wgsklq9g722q
Can you display it as "Unsigned" and "Unverified"? Although technically you signed it, mmmm.
Maybe sign it with a "Google Playstore"-npub lol 😂 and display it as unverified and with "install at own risk"?
both options sound bad but this note sounds good. With this approach every decision will be a success🤗
Delist first then work on a framework for displaying the appropriate warnings if you decide to relist
+1
delist dawg
embarrasing for wot fans, if a few high profile influencers can trick everyone into installing a closed source app then wot wont work
Delist.
Which I will also do with you when you start supporting closed source software.
We're creating an app store in an adversarial permissionless environment. "Delisting" is only possible today because we have control during this bootstrap phase.
Closed source apps, malware and everything in between is coming. We don't want to become yet another "benevolent" dictator - and ultimately we can't as nostr is a permissionless censorship-resistant protocol.
We will become the best tool for users and developers to find each other with the highest fidelity possible in such an environment.
This is the way
That makes sense.
You want to be a truly free market.
Which just means the people will have to take responsibility for their own choices.
For the zapstore "as protocol" the selection will happen client-side with people decide for themself what to download, what relays ping and what npub trust.
But for your relay you need to decide a policy and you are responsible of what it store and for the zap.store npub you are responsible for what you sign.
This is the way.
Maybe add a warning in a "github like" way, like you have to type in:
"Closed source app"
to continue.
Sounds painful, but if ok ok next is possible, people will jump through this warning accidentally.
Just a random idea.
