1. Yes, I agree because Keet for example, displayed a similar behavior and I think they just decided not to push to zap.store anymore for some reason so it lead me to understand that zapstore requires a manual push from developers on top of their already existing GH push (the pear releases GH had the latest one!)..
2. It feels so good to receive .apk updates based on my Nostr account, instead of trust in Google Play Store. Depending on my installed app version, I may sometimes be on a higher version than what's being displayed on zap.store and that requires a manual install from another source.
3. So this may just be a developers dilemma in the end on where they need to push .apk updates to.. (maybe?)
Replies (3)
My bet is it's zap.store signs a bunch stuff themselves. For example, primal on zap.store is signed by zap.store and that is probably the zap.store dev doing the link aggregating from github you're talking about, but this kinda defeats the purpose IMO, but olas for example has a pipeline that signs and publishes to zap.store, which is how it's supposed to be used. Otherwise you're basically just substituting your trust of Google to zap.store supported by a web of trust (most of which probably don't know what the fuck they're actually downloading)
Yeah I agree. nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 can you reassure the public here on what the WoT means, and how .apks are actually fetched from GH? 👀
Keet never pushed anything to Zapstore. If the app on Zapstore is old it's because the link the indexer has may be broken.
Most of the APKs on Zapstore and Github are the same. Incompatible versions are due to different certificates, which would be the case for apps that are pushed to Play Store for example
