Subnostr

The store is pretty dope, so far. I was happy to see a good mix of apps I already use and new ones to explore.

This may be a noob question:

I see that the apps in the store publish the SHA-256 hash for their files. But, using the store, I can't figure out how to check the hash with something like Deadhash before install, as it just goes straight to install. Is there a way to download only or check the hash before install?

Thanks!

elsat 1y ago

That is not a noob question - that is an excellent suggestion!

Short answer: #induecourse

You will be able to perform hash verification, and report this to the nostr network.

In turn, you will be able to see who from your WOT has verified a particular app’s hash.

https://github.com/zapstore/zapstore/issues/101

cc nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9

Reply to this note

Please Login to reply.

Discussion

Nope Noperson 1y ago

Awseome! Glad to hear.

elsat 1y ago

nostr:npub1r62uqpe3pmnaxdrmyr98zs24xt9g363pe93h3rpp24s2c7srkc5spq8emd how do you feel about submitting to nostr network that you performed the hash verification?

Nope Noperson 1y ago

I think that would be a great feature.

It's a bit of a double-edged sword. On one side, it is promoting checking hashes and probably exposing people to that capability. On the other, web of trust betrays the zero-trust ethos, though it's probably the next best thing.

There's a pretty strong tech community on NOSTR that is well known and highly engaged. So, WoT seems like a viable strategy. How that works as NOSTR scales and the tech community becomes less dominant, I don't know.

I think the positives outweigh the potential negatives, though.

Cool stuff; keep it up guys!