like I followed koalasat for other projects, but it looks like i'm endorsing pokey which is misleading

Discussion

I'm trying to leverage follows because that's all we got in nostr.

That said I am open to suggestions for that UX, do you have any?

For the record, I did not like you calling this an affiliate scam nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s

I am telling you my initial reaction, im sorry you don’t like it

if this was a signer app it would have even been more confusing, as it would say "jb55 follows this signer"

Agree, it was an overreaction and baseless accusation. I think you deserve an apology.

not going to apologize, this is what I actually felt when I saw this. maybe he should take feedback from a sincere user reaction

this is meant to solve "oh fuck there are 69 pokey, which one is the real one?" problem, not an app quality problem

yeah but the reality is that it doesn't say that for the app, it just says that for the signer… so if the app was originally from some obscure key, and some influencoor publishes another copy, it will tell the copy is the real one no? I guess we're not at that point and simple deductions like this work for 99.9% of the cases

yeah that's pretty bad. think I'm going to not publish to zapstore at this time until this is fixed.

but I guess anyone can publish damus android there without my permission and it would show that I endorse it just because I follow that key. pretty incredible.

I just need to piss franzap off so he publishes a malicious version of my app, it would look completely legit. Sounds like an entirely centralized infrastructure dependent on a single guy, who i already don’t trust from past interactions. Yeah i’m out

But if that is your concern, you are better off publishing it in the zapstore, such that the version signed by you or the damus pubkey is in there🤔

if this is possible, I don't see what's stopping it from being filled with malware and false WoT endorsements. if it's franzap managing that personally I don't see how this is a good solution at all, since it would be very centralized. for instance if I pissed franzap off (likely already since I called it an affiliate scam), then I wouldn't be able to publish the app at all. maybe he would get a kick out of publishing a troll version signed by himself with tons of WoT endorsements since people follow him.

the system is just poorly designed and depends too much on him imo

There are two things here, how zapstore is built, and what all this WoT stuff does.

Now i have not looked into zapstore that much, but i think at this stage he is gatekeeping things and wants to open things up eventually, we can all think of that what we will.

But your original complaint was irt to the WoT stuff, and there i think your reasoning is weird. The point is to give you context such that you can trust that you have the correct signer. I.e. that if an app release is signed by either you or the damus profile, it is actually you or the damus profile. Obviously if i see a version of damus signed by peepeeMCpoopoo, it does not matter who follows peepeeMCpoopoo, because it makes no sense to download his version to begin with.

That this system is not flawless is true by definition, regardless of what improvements are made, the only alternative that would cover those flaws is a trusted gatekeeper (the play and appstore model), which has drawbacks of its own.

Anyway, don't conflate things

I don't see how this is any different from play or appstore model. you need approval from franzap to appear on the zapstore do you not?

That would be the first matter i described, yes. It is currently some weird hybrid of the two models. Im sure Franzap has his reasons for doing that, currently, and i am not sure if i would agree. We can ask him, nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9 why not open things up and allow people to publish releases via Nostr/blossom directly?

Regardless, other than him directly censoring you, what would be the problem of you submitting Damus, signed by the damus nostr profile?

I don’t want to ask for permission from anyone. I’d rather just publish an apk on my site and tell people to use obtainium or something, at least for now until im on the play store. I don’t see what advantages zapstore has for sovereign publishing over an apk and your own server, as it seems strictly worse because it is permissioned.

What happened to permissionless tech?

That’s the eventual goal. We’re making the right steps. All I am looking for is to determine a trusted signer for an app. First, we need to step away from the permissions platform app stores, then provide a permissionless way to discover and host the apps.

Exactly, permissionless way = managing relays + blossom servers

I'm working on it while keeping a safe experience for everyone in the meantime.

We’re pushing new frontiers here. Thankful for your work!

I wish I had all this sorted out already, but I'm pouring my life into this stuff so appreciate your words Tim

your npub needs to be whitelisted

Is Play Store permissionless?

No

i think you missed the point. if I'm going permissioned I might as well focus on the big stores first.

I thought nostr builders would be nicer with other nostr builders… Especially when they are in fact building freedom tech…

engineering is not about being nice it's about building things that work

And zapstore works lol 😂

This "permissionless tech" will require *you* as a developer to go through KYC from 2026 onwards if you want users to sideload your APK on a normal Android phone.

https://developer.android.com/developer-verification

Tech in general exists in a permissioned zone. I don't know what permissionless tech even means? Even Ham radios require a license, and they can triangulate an operator down if that operator doesn't have one.

It's like talking about permissionless passports or something similarly weird-sounding.

I prefer to say that tech exists and is successful as a result of (voluntary) convention. Governments (especially, the EU) are making the mistake of confusing this with (mandatory) compliance.

We are still in early days figuring out the conventions and not jumping headlong into permissioned compliance.

I think it's pretty up in the air. While you'd never know it from Nostr there is widespread support for some of this regulatory stuff. For the keeping children off certain sites thing, it's all well and good to say it should be up to parents, but a lot of parents are working all hours and struggling with just getting by, and getting a little sleep too, they'd welcome some help from regulators to keep their kids off certain social media and porn sites that are known to be bad for child health. It could be that most people want tighter controls, and that those who don't, while well intentioned, are in the minority.

Sometimes when people say "permissionless" they mean "OK to use until you're noticed by people who can and want to stop you", right?

Correct, as such radio is permissionless. For your radio to function, you don't need to first ask someone else to turn it on. It basically comes down to the question of is there a gate you have to go through or not.

So a car is permissionless, even though you need a license. But if they install a breathalyzer into it and you have to pass that test before it even starts, it is not permissionless.

This is very important, because a lot of what is going on, is turning things permissioned. During COVID they imposed this QR-code permissioned society, putting up 'gates' everywhere in the physical world; and a bunch of these new internet laws do the same where you first need identify yourself before the gates to the web open.

Be very aware of people who propose permissioned systems, because they limit your liberty.

But what does that even mean? You use the ham radio without a license, but then you get triangulated, there's a knock on the door, and you're issued a fine. How is that permissionless?

You can just walk into a grocery store and take stuff, there's no gate. Doesn't mean shoplifting is a permissionless activity.

It's just delayed consequences for not having permission. And it's the existence of the consequences that determine whether something is permissioned or not, not the exact timing of those consequences.

Why is the difference between starting in a cage, and having to ask to be let out all the time; and being outside of a cage, and being put in only those instances of transgression; so hard for you to understand?

Sorry but shoplifting is not a permissionless activity and you won't convince me otherwise.

Are you OK with submitting it to F-Droid for packaging?

https://f-droid.org/en/docs/Inclusion_Policy/

we’ll put it on everything eventually

One day, it won’t matter where the apk is hosted. I’ll be able to make my own judgment of the signer.

The system is not poorly designed, you don't know what you are talking about.

Further, I would not ban you or publish a troll version of anything, why would you insinuate I'd do that?

Let's see if you talk to me this way when we meet in person again.

tried to bring this up early on.

nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9 cried and told nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc i was abusing him. Then nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc cried too. 🤷😂

it's wild this passed any form of design review and this was never brought up. I'm glad i'm not the only one. i'm sure they will now say I'm overreacting.

Yeah. It’s not great. Definitely need some clarifications on this card specifically.

this influencer would put his reputation on the line. If he/she misbehaves, that's on public display.

Zapstore for example publishes apps on behalf of others, and that's perfectly fine if you trust zapstore.