Event JSON
{
"id": "c23fd7214bd49dd4b26df6a9d0d7642f4c69d98b35eff42a505ba0dcabb8fcf8",
"pubkey": "6b3b9e7f61cdf2ee3defb5930b7f8be364c6d9b1787fc454b94ce0a1b7754dd1",
"created_at": 1745472327,
"kind": 1,
"tags": [
[
"p",
"710ef6e8645ccdc57be4fe21cdd44ddcfbb42d011aa88e55b790c90a690a5bfb",
"wss://relay.mostr.pub"
],
[
"p",
"58a13c811a444488aad37a544a16a0ca67530f0784d104729daefd8ddf389c78",
"wss://relay.mostr.pub"
],
[
"e",
"12d8b7170941b96ed72db4d14c713ee9caac8ba475918fee9f2c89bd3dbb167f",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://infosec.exchange/users/still/statuses/114391274450226407",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqwy80d6rytnxu27lylcsum4zdmnamgtgpr25gu4dhjrys56g2t0as40rnuw this is unrelated to what I'm talking about - that code signing only protects the package during/after transit. It does not offer any integrity checks after the binary has been installed (i.e., someone can just tamper with ssh well after it's been deployed).",
"sig": "79af0280d63a926c015ade45312e6baf5367b553fa07dc64688c291128af98d0985fc680137a744a4fd080f82b1f3d9152fee2fbc87bf1f892276e1e741b0645"
}
