Oddbean new post about | logout
ever4st | 5 months ago (raw) | root | parent | reply | flag 
  @rooc

good point, 
and I have no clue

I have watched several installations of bitcoin-core (on Mac, or Windows and Linux) and the npub part was not in there
rooc | 5 months ago (raw) | root | parent | reply | flag +1 
 probably zapstore thing somehow explains that
ever4st | 5 months ago (raw) | root | parent | reply | flag 
 this is zapstore 
https://github.com/zapstore/zapstore
ever4st | 5 months ago (raw) | root | parent | reply | flag +1 
 asking 
 @Zapstore
Zapstore | 5 months ago (raw) | root | parent | reply | flag +7 
 It was a proof of concept for what we're building. It's not fully functional on CLI yet, but it will come. 

You can install bitcoin core from many package managers but often have no idea who built it. You may need to trust one entity and a random maintainer for your distro and there's no easy way to change that. 

If we can make package hashes be cryptographically linked to nostr pubkeys, we can leverage trust signals in the nostr network and do curation to increase confidence in what we're installing.

Web of trust is not the one and only solution to this problem, or a perfect one, but a powerful tool in the toolbox. Our goal is to maximize signal and minimize noise while operating in an adversarial  permissionless environment.
rooc | 5 months ago (raw) | root | parent | reply | flag +2 
 In other words that means that some nostr users sort of "sign" your package and if I trust this user I trust your package. Did I get it right?
Zapstore | 5 months ago (raw) | root | parent | reply | flag +1 
 Correct
ever4st | 5 months ago (raw) | root | parent | reply | flag +1 
 Thanks very much for that great explanation