so this would be a way for me to validate that whatever the host server is sending me is signed states only, but requires that whoever is pushing signs an event. I think I get it now. thank you for the explanation.
my instinctive thinking is that git trees are very sensitive to unexpected changes and often plagued by conflicts over inconsistencies in the source code between remote and local copies. I am also assuming that maintainers hold the source code in a local copy. so in my mind, it is hard to force push changes that wouldn't be caught by git. then, the fact that you can just migrate your work over to a different server in a frictionless manner be enough to address the issue from the maintainers perspective, detect malicious intervention in codebase, update the repo announcement with a new remote url and it's done.
but I can understand that if we can actually prevent that from happening, by rejecting a push/fetch altogether based on a distributed state it does provide a better experience. thank you again for the explanation. I'll have to make adjustments on my side.
gugabfigueiredo / Guga Figueiredo
npub1up…2sfek
2024-08-27 04:41:17
in reply to nevent1q…0xtk
Author Public Key
npub1uplxcy63up7gx7cladkrvfqh834n7ylyp46l3e8t660l7peec8rsd2sfekPublished at
2024-08-27 04:41:17Event JSON
{
"id": "e43a3e97223d724f505ded5f2756449661aeb1eed06b89e8e0e94894b3899d10",
"pubkey": "e07e6c1351e07c837b1feb6c3624173c6b3f13e40d75f8e4ebd69fff0739c1c7",
"created_at": 1724733677,
"kind": 1,
"tags": [
[
"p",
"e07e6c1351e07c837b1feb6c3624173c6b3f13e40d75f8e4ebd69fff0739c1c7"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"cfd7df62799a22e384a4ab5da8c4026c875b119d0f47c2716b20cdac9cc1f1a6"
],
[
"p",
"a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d"
],
[
"e",
"61dc9ee6b1a102808bd7c9aa9d909a45d8edfdd5c5386c16fcbccdc3be84fc23",
"",
"root"
],
[
"e",
"f9c35ba6ce5a13027d0fbcc21d2021edb21d0e6d604ab96b6886684de2f2dc06",
"wss://a.nos.lol",
"reply"
]
],
"content": "so this would be a way for me to validate that whatever the host server is sending me is signed states only, but requires that whoever is pushing signs an event. I think I get it now. thank you for the explanation.\n\nmy instinctive thinking is that git trees are very sensitive to unexpected changes and often plagued by conflicts over inconsistencies in the source code between remote and local copies. I am also assuming that maintainers hold the source code in a local copy. so in my mind, it is hard to force push changes that wouldn't be caught by git. then, the fact that you can just migrate your work over to a different server in a frictionless manner be enough to address the issue from the maintainers perspective, detect malicious intervention in codebase, update the repo announcement with a new remote url and it's done.\n\nbut I can understand that if we can actually prevent that from happening, by rejecting a push/fetch altogether based on a distributed state it does provide a better experience. thank you again for the explanation. I'll have to make adjustments on my side.",
"sig": "f1da1a40bff10c93b9265cb4460bf84a408c66d7f91c1bd4bdf25df0633e8a26b733496e0990ab41e3fdbfc8a110204942899d7f59aa661beb12b96c6641d526"
}