Oddbean new post about | logout
 I can't wait for @Zapstore to no longer be bottlenecked by a single npub publishing notices of updates.

I want my new #amethyst damnit! 
 Obtainium 🙃 
 I still have Obtainium for the 3 apps that are not in the store yet, but I moved everything else over to the store and I don't want to mess around with that for something that will surely be fixed soon enough. 
 I downloaded in zap store and updated in obtanium and it's fine 
 Btw you can actually install and update Obtainium from zap.store (and viceversa) 
 Badass 
 Looks like you may have an issue with parsing version numbers. 

https://i.nostr.build/zdAvz.jpg 
 I am still trying to figure out how to do this myself 
 Would you be willing to sign every Amethyst release with your nsec? 

In the next few weeks I'll be launching an (alpha) dev signer CLI ! Sign with nsec or browser extension 
 👀 
 Huge if Vitor says yes 🥹 
 For sure! I already have the release key signed as NIP-69. Happy to do the rest as well.  
 This is awesome! I'll be in touch 
 How is the nsec encrypted on disk? Mac OS Keychain? 
 I guess it's up to each developer, first version will read nsec from env 
 But otherwise show the events to be copied and signed elsewhere 
 @Zapstore are you interested in collaborating on a NIP? There is a huge overlap between App Stores and software repository releases. There may be benefits of aligning the two. I created gitworlshop.dev and ngit which are NIP-34 clients. 
 Tell me more, what kind of NIP? 

In my view there's a strong connection between both but not much overlap. 

zap.store is using NIP-51 kind 30063 for releases coming from a repo. I might need to update it slightly but it's simply a replaceable event listing release files. And others:

https://github.com/zapstore/zapstore/wiki/Sample-app-events 
 Either a new NIP or a section within NIP-34 so the protocol is clear and it is easy for clients to implement if they wish.
I see the 'release artifact set' in the 'Examples' section of NIP-51 but there is more to the protocol than that.
There are three aspects: 1) application profile event, 2) release event 3) trust attestations
I started to draft something and that process brought up some questions and scenarios it might be worth discussing. 
 Want to join our telegram group and discuss it there? https://t.me/+Azeu1bePFNtkYWMx

Did you check out the sample events? App profile events are kind 32267 used in zap.store and will become a NIP! And for trust attestations, are you following the NIP-77 discussion? 
 Why is there overlap? relating releases to their underlying code repository is both logical and provides improved trust heuristics. Obtainium is a good example of this. It would seem odd to have duplicated and disconnected release events, for the same app for app stores and code repositories.
It won't take much to relate application profile events to NIP-34 announcement events. There are a few ways it could be done. The beauty of nostr is that clients could make this connection front and centre or ignore it completely. 
 Absolutely, they should be connected 
 Posting a magnet link should work  
 I should do this too with https://github.com/andreasgriffin/bitcoin-safe releases. If people click the magnet link of a nostr post of the developer it makes the pgp verify unnecessary, and the torrent software ensures the integrity of the file. (and it adds censorship resistant downloads as a side effect)  
 I promise, me too!

Update job just launched, latest versions should be available now