Whoa, sounds like you hava a MITM dependency attack, dufflepud should not ask for wallet deets. For the rest, maybe I'll look at putting together a guide
i've set them back to work and now i just have link previews disabled, but images and gifs are loading like normal.
i want to run a dufflepud instance but when i run 'poetry install' it asks me to unlock my kde wallet and i never put a password on said key anyway, and i'm very puzzled why it picks the kde keychain when i have seahorse and keepassxc configured to do the gnome keychain.
would be cool to run the image cache myself too...
gonna try and figure these things out, there might be a way i can bundle them up and have them run in a docker... well, not high priority issue but still, a docker to run all the coracle.social pieces without accessing the web directly would be cool nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9rhwden5te0wfjkcctev93xcefwdaexwtcpr3mhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6tctty609 (just in case it's an easy question to answer, otherwise, no problem).
Discussion
it's asking for me to unlock a keychain, i assumed it wants to access a private repository maybe.
i know there was similar exploits done to tiny, far flung dependencies in NPM in the past maybe a similar attack.