Oddbean new post about login | logout I for one welcome Github censorship. It will make a lot of normie developers wake the fuck up. And on this side of the universe we'll be using nostr-signed developer releases of binaries scattered throughout a myriad of Blossom servers. nostr:note1vjkfvs68l8ujexjj882k94xusxz2rk9p0e4lr58wvzcxypvuk58sh0hycl
I'm legit asking, how do you nostr sign release binaries? Is there a tool for that?
https://github.com/mleku/signr This might be worth looking into (have not tried)
Will check that one out. Also NIP-46 (on a server, with nak, with Amber on phone, on @BlackCoffee upcoming device, etc)
NIP-94 (kind 1063) for binaries, NIP-51 (kind 30063) for binary sets and NIP-XX (kind 32267) for apps. As for best UX, that's something I'm trying to figure out with zap.store. Example of how those events look like: https://github.com/zapstore/zapstore/wiki/Sample-app-events
How are you signing your software? Gave GPG key to a github action?
I download the tarballs locally on my laptop, compute checksums into manifest file and gpg sign the manifest file. Then I upload the manifest and signature asc file to the release. https://github.com/sommerfelddev/sentrum/blob/master/utils/create-signed-manifest.sh No way I would give github my pgp key lol.