Event JSON
{
"id": "546675ec38118cbb631b51e845da05b76cf3aebcce5f15645cd5189549b89f77",
"pubkey": "726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11",
"created_at": 1719966644,
"kind": 1,
"tags": [
[
"e",
"7fba60aa1cd8232156992ed5fe69a5c5cdd201b4b8bf2ade5152291036b2f67f",
"wss://relay.primal.net/",
"root"
],
[
"e",
"6d6d10c735d1d81739603029f9fd392f565a5f38f2c720fc246123f0d1fb3430",
"wss://relay.primal.net/",
"reply"
],
[
"p",
"036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
"",
"mention"
],
[
"p",
"a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d",
"",
"mention"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d",
"wss://nostr.bitcoiner.social/",
"mention"
]
],
"content": "I don't think there's a way to verify a package other than trusting the builder/signer. That's what reproducible builds are for.\n\nArtifact hashes: yes, NIP-94\n\nPGP: we're adding it to kind 0s! Currently building a tool developers will use with the ability to attach their PGP keys or certs. See\n\nnostr:nevent1qvzqqqqqqypzq7xwd748yfjrsu5yuerm56fcn9tntmyv04w95etn0e23xrczvvraqywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq3qamnwvaz7tmwdaehgu3wd4hk6tcqypewzwqc7gf5vg36j2k472vrydefykd9pjw0mgr8qmfk5c629448cazxqs8\n",
"sig": "40dfe6c25f2110b2e44a77d98c1d300983f28a6ef9abfd4f2710f43466748468cd8a76e8bd9476d960c2cfa958852686813b230ade7ff5047324364ae7ebf559"
}