Oddbean new post about | logout
Zapstore | 5 months ago (raw) | root | parent | reply | flag +24 
 Would you be willing to sign every Amethyst release with your nsec? 

In the next few weeks I'll be launching an (alpha) dev signer CLI ! Sign with nsec or browser extension
Gigi | 5 months ago (raw) | root | parent | reply | flag +15 
 👀
nostr:nevent1qqsfljdavlmpxw48mmmd9zjv0htmh8qg5hux5ug64d5fyctpg5xa30qpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygrceeh65u3xgwrjsnny0wnf8zv4wd0v3374ckn9wdl92yc0qf3s05psgqqqqqqsur9s9s
Gigi | 5 months ago (raw) | root | parent | reply | flag +1 
 👀
Derek Ross | 5 months ago (raw) | root | parent | reply | flag +4 
 Huge if Vitor says yes 🥹
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag +7 
 For sure! I already have the release key signed as NIP-69. Happy to do the rest as well.
Zapstore | 5 months ago (raw) | root | parent | reply | flag +2 
 This is awesome! I'll be in touch
tank | 5 months ago (raw) | root | parent | reply | flag 
 How is the nsec encrypted on disk? Mac OS Keychain?
Zapstore | 5 months ago (raw) | root | parent | reply | flag 
 I guess it's up to each developer, first version will read nsec from env
Zapstore | 5 months ago (raw) | root | parent | reply | flag 
 But otherwise show the events to be copied and signed elsewhere
DanConwayDev | 5 months ago (raw) | root | parent | reply | flag +2 
 @Zapstore are you interested in collaborating on a NIP? There is a huge overlap between App Stores and software repository releases. There may be benefits of aligning the two. I created gitworlshop.dev and ngit which are NIP-34 clients.
Zapstore | 5 months ago (raw) | root | parent | reply | flag +1 
 Tell me more, what kind of NIP? 

In my view there's a strong connection between both but not much overlap. 

zap.store is using NIP-51 kind 30063 for releases coming from a repo. I might need to update it slightly but it's simply a replaceable event listing release files. And others:

https://github.com/zapstore/zapstore/wiki/Sample-app-events
DanConwayDev | 5 months ago (raw) | root | parent | reply | flag 
 Either a new NIP or a section within NIP-34 so the protocol is clear and it is easy for clients to implement if they wish.
I see the 'release artifact set' in the 'Examples' section of NIP-51 but there is more to the protocol than that.
There are three aspects: 1) application profile event, 2) release event 3) trust attestations
I started to draft something and that process brought up some questions and scenarios it might be worth discussing.
Zapstore | 5 months ago (raw) | root | parent | reply | flag 
 Want to join our telegram group and discuss it there? https://t.me/+Azeu1bePFNtkYWMx

Did you check out the sample events? App profile events are kind 32267 used in zap.store and will become a NIP! And for trust attestations, are you following the NIP-77 discussion?
DanConwayDev | 5 months ago (raw) | root | parent | reply | flag +1 
 Why is there overlap? relating releases to their underlying code repository is both logical and provides improved trust heuristics. Obtainium is a good example of this. It would seem odd to have duplicated and disconnected release events, for the same app for app stores and code repositories.
It won't take much to relate application profile events to NIP-34 announcement events. There are a few ways it could be done. The beauty of nostr is that clients could make this connection front and centre or ignore it completely.
Zapstore | 5 months ago (raw) | root | parent | reply | flag 
 Absolutely, they should be connected
Andreas Griffin | 5 months ago (raw) | root | parent | reply | flag 
 Posting a magnet link should work
Andreas Griffin | 5 months ago (raw) | root | parent | reply | flag +1 
 I should do this too with https://github.com/andreasgriffin/bitcoin-safe releases. If people click the magnet link of a nostr post of the developer it makes the pgp verify unnecessary, and the torrent software ensures the integrity of the file. (and it adds censorship resistant downloads as a side effect)