Oddbean new post about | logout
8M | 1 months ago (raw) | root | parent | reply | flag 
 Hashes are good, but ultimately public/private key cryptography is needed in some form to ensure trust minimized to just signer/dev (holder of private key)
kidwarp | 1 months ago (raw) | root | parent | reply | flag 
 Are you saying the initials zap.store download is verified by our nostr keys then?
Zapstore | 1 months ago (raw) | root | parent | reply | flag +1 
 zap.store does this for you, but you are right that for verifying zap.store itself you need to either trust the domain or verify the hash.

This is why we publish hashes in our nostr profile.

If you already have AppVerifier, that's one way. Or you could do it in the computer. Would be nice to have tutorials for both
kidwarp | 1 months ago (raw) | root | parent | reply | flag 
 That’s why I asked about a website to check as I do not have either(pc or app) to check the hashes.
Zapstore | 1 months ago (raw) | root | parent | reply | flag 
 I'm not against it but you need to trust the website host then.

Ideally we want multiple websites pulling these events. https://zap.store eventually will show this info, and then something like an app in nostrudel "more" could work too
kidwarp | 1 months ago (raw) | root | parent | reply | flag +2 
 Much appreciated chat thank you