Thread - Nostr Hypermedia

Even if you looked at backend source code it could still get hacked and swapped out. This is a real concern. If the caching relay started serving zap addresses that didn’t match profiles… you could be sending sats to hackers on all profiles. This can’t really happen on iOS due to how code signing works, ios verifies binary signature chains from apple and the developer.

↑ Parent

Replies (2)

Laser laser@primal.net 0 years ago

Immutable container runtimes are becoming more and more prevalent. It should be possible to build a cryptographically verifyable container for every commit on Github, then automtically deploy that container to an immutabl container runtime engine in such a way that the entire live production backend could be verified by users. @miljan can you have the devs chew on this? I think its in Primal's best interst to put this type of concern trolling to rest.

3 replies ↓

franzap fran@zapstore.dev 0 years ago

Immutable container runtimes sounds powerful, however I don't see how it can be proved/enforced. Do you have any pointers to how they work? @aljaz do you know anything about this?

1 replies ↓