Oddbean new post about | logout
 probably zapstore thing somehow explains that 
 this is zapstore 
https://github.com/zapstore/zapstore 
 asking 
 @Zapstore  
 It was a proof of concept for what we're building. It's not fully functional on CLI yet, but it will come. 

You can install bitcoin core from many package managers but often have no idea who built it. You may need to trust one entity and a random maintainer for your distro and there's no easy way to change that. 

If we can make package hashes be cryptographically linked to nostr pubkeys, we can leverage trust signals in the nostr network and do curation to increase confidence in what we're installing.

Web of trust is not the one and only solution to this problem, or a perfect one, but a powerful tool in the toolbox. Our goal is to maximize signal and minimize noise while operating in an adversarial  permissionless environment. 
 In other words that means that some nostr users sort of "sign" your package and if I trust this user I trust your package. Did I get it right? 
 Correct 
 Thanks very much for that great explanation