Braydon Fuller on Nostr: Several years ago, I put together a proof of concept for package dependency ...
Several years ago, I put together a proof of concept for package dependency management that uses git with signature verification for more secure dependency management. Each dependency update is verified with each of the maintainer's key.
For reference, please visit:
https://github.com/braydonf/gpkThe trick, you just need to have a git remote for ALL dependencies and have public keys for ALL maintainers. A registry for packages that support it would greatly help in that regard!
Decentralized software registries in Nostr?
Published at
2024-01-29 23:55:30Event JSON
{
"id": "f0db5561993e1d784674a181a6b1226518e29efde416797896e1e97383b33825",
"pubkey": "1bf9f239dca1636149bc2f3fc334077ae959ea9607cacf945ef8f8bb227dc5e1",
"created_at": 1706568930,
"kind": 1,
"tags": [
[
"r",
"https://github.com/braydonf/gpk"
]
],
"content": "Several years ago, I put together a proof of concept for package dependency management that uses git with signature verification for more secure dependency management. Each dependency update is verified with each of the maintainer's key.\n\nFor reference, please visit: https://github.com/braydonf/gpk\n\nThe trick, you just need to have a git remote for ALL dependencies and have public keys for ALL maintainers. A registry for packages that support it would greatly help in that regard!\n\nDecentralized software registries in Nostr?",
"sig": "38847bd3c4e638ce339ce775c1b4c23c8ec3fdfe29c032c71bcd6f6fc0d0bd1c5ac235cc7546277fd69bfb3d0143b377f6565ddec0d37dded8b120398a0597bb"
}