Zapstore
78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d
The open app store powered by your social network
Download 0.2.7 for Android: https://zapstore.dev/
SHA-256 checksum: 800b9048974dfcac4e1e1b9afe0812d15e42a08264ba0b8877e22c2e6d2221ae
APK certificate hash (for AppVerifier): 99e33b0c2d07e75fcd9df7e40e886646ff667e3aa6648e1a1160b036cf2b9320
Technical support: https://signal.group/#CjQKIK20nMOglqNT8KYw4ZeyChsvA14TTcjtjuC2VF6j6nB5EhDLZ7pQHvOeopr36jq431ow (do not use Nostr DMs)

The option is adding your app to apps.yaml in our repo https://github.com/zapstore/releastr and sending a PR (or let us know). It only supports GitHub as a source right now.

I know, it's not great. We're working on supporting more sources and after that, developers self publishing.

"Cypherpunks for three decades have been trying to create cryptographically secure webs of trust, and what nostr figured out is we just need people to shitpost to bootstrap them" - nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx on the latest RHR

🎯

If you want to better understand zap.store's web of trust checks, here is a web version to play around with:

https://trustgraph.live

Interesting. Should be fixed when we check version codes. Planned for next release

Yes, but support for more sources coming soon

We're creating an app store in an adversarial permissionless environment. "Delisting" is only possible today because we have control during this bootstrap phase.

Closed source apps, malware and everything in between is coming. We don't want to become yet another "benevolent" dictator - and ultimately we can't as nostr is a permissionless censorship-resistant protocol.

We will become the best tool for users and developers to find each other with the highest fidelity possible in such an environment.

nostr:npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8 how can I add an app to the store?

Also, do you vet all the versions of the apps on the store before they become available to install?

For now, while we bootstrap, send a PR with an updated apps.yaml at https://github.com/zapstore/releastr

No, we don't vet any version. We simply index select repositories and pull the APKs. Curation will come in due course.

I believe Fedi is currently the only closed source app indexed in zap.store, and this was by mistake. Their source repository only has a README file.

We will eventually support proprietary software but need to work on the appropriate warnings.

What should we do now? Leave the misleading repository or delist the app? Both options sound bad.

It was a proof of concept for what we're building. It's not fully functional on CLI yet, but it will come.

You can install bitcoin core from many package managers but often have no idea who built it. You may need to trust one entity and a random maintainer for your distro and there's no easy way to change that.

If we can make package hashes be cryptographically linked to nostr pubkeys, we can leverage trust signals in the nostr network and do curation to increase confidence in what we're installing.

Web of trust is not the one and only solution to this problem, or a perfect one, but a powerful tool in the toolbox. Our goal is to maximize signal and minimize noise while operating in an adversarial permissionless environment.