1. I mixed up some concerns in my head.
My concerns are that developers can do sneaky things by replacing events on users. Having a chain of versions I can see/store is what I was considering, that way I, the user, can decide which versions I want to run. And/or sneaky patches that alter the release system.
Im concerned knowing that most organizations are going to have their release cycle automated and signing key stored in their devops system, if a safe version was replaced with a malicious version, users platforms might be able to roll back to a previous version, or users as well.
What stops the publisher from replacing all versions at some point in the future, disallowing me from running an old version they had? I understand these are problems will face today, but I think we can fix that with some immutability.
ChipTuner
npub1qd…3fqm7
2026-01-29 21:13:23 UTC
in reply to nevent1q…dd5g
Author Public Key
npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7Published at
2026-01-29 21:13:23 UTCEvent JSON
{
"id": "6a4531c556e98d1030fa203549ba5f42b0b541087004240e4647189fa8e9a381",
"pubkey": "036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
"created_at": 1769721203,
"kind": 1,
"tags": [
[
"e",
"638a3651256f17b3f9138771de66b8d193b2c5a5658ae2ec4b93b3586dbdc32f",
"",
"root",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11"
],
[
"e",
"22f11f8b4b8eb83882b026464a53e07ab893d3e782612bb8be4ef17fc70752fa",
"nostr-idb://cache-relay",
"reply",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"
],
[
"p",
"036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58"
],
[
"p",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11"
]
],
"content": "1. I mixed up some concerns in my head. \n\nMy concerns are that developers can do sneaky things by replacing events on users. Having a chain of versions I can see/store is what I was considering, that way I, the user, can decide which versions I want to run. And/or sneaky patches that alter the release system. \n\nIm concerned knowing that most organizations are going to have their release cycle automated and signing key stored in their devops system, if a safe version was replaced with a malicious version, users platforms might be able to roll back to a previous version, or users as well. \n\nWhat stops the publisher from replacing all versions at some point in the future, disallowing me from running an old version they had? I understand these are problems will face today, but I think we can fix that with some immutability.",
"sig": "fecfc1914a8c14e3dc48b6d62b215cf061903bf6770afa28f5f2303d09c77c4cd3d03362c03615f1b59d19f585b23e00661b74dc3e59d7487c318c7e3b45b57a"
}