Thread - Nostr Hypermedia

DanConwayDev _@danconwaydev.com 9 months ago

"I have to trust that the interface telling me that he has approved the PR is being truthful when I merge it. "

Distrust the infrastructure in workflow management, issue tracking, and doc PR review · Issue #3958 · QubesOS/qubes-issues

We aim to distrust the infrastructure. However, as we've discussed previously and more recently, we actually trust GitHub quite a bit for workflow ...

They'd love signed OTS'd ACKs:

DanConwayDev

OpenTimestamped ACKs are native and easy when using #GitViaNostr View quoted note → View quoted note →

View quoted note →

↑ Parent

Replies (2)

joe joe_@getalby.com 9 months ago

What's the benefit to using OTS vs PGP signing an ACK that includes the date and time?

1 replies ↓

DanConwayDev _@danconwaydev.com 9 months ago

Say a vulnerability was merged 1 year ago and it was ACK'd by someone who has since had their PGP compromised. How would you know the ACK was signed ahead of the merge rather than after the key compromise?

2 replies ↓