Event JSON
{
"id": "218b0627a380c5eb88d9fd9315d75815abd935f8476e8ad746ac05ee0e524ab9",
"pubkey": "efbbd7026f8bb724be9632bdd3b5d2c8f2ed47f5f88a858dbd5c387a39f8b5a9",
"created_at": 1745473904,
"kind": 1,
"tags": [
[
"p",
"4a23c3acf8704331259490f7a582e20ac432568bafa967588b2c8a53368cc48c",
"wss://relay.mostr.pub"
],
[
"p",
"6b3b9e7f61cdf2ee3defb5930b7f8be364c6d9b1787fc454b94ce0a1b7754dd1",
"wss://relay.mostr.pub"
],
[
"e",
"518ff19c6ef560bf209eb6fadf435d06b45160a349aabed9e691a666438bc533",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://mathstodon.xyz/users/aloz1/statuses/114391377782537142",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqfg3u8t8cwppnzfv5jrm6tqhzptzry45t475kwkyt9j99xd5vcjxqynqkt3 not sure if it's really 'code signing' as such, but Redhat (and derivatives) now include fapolicyd, which is an allow-list suite. It let's you allow-list by hash and location. I think all binaries \u0026 scripts from packages are automatically added to the allow-list. The two together (signed package + allow-list hash) might work as a \"signed application\" type thing?!",
"sig": "c690e8f0819fb55185c5038a6b57a3da409162959b7cbcd3cedbb4a5f735c65704e3b951659b579cd5a55bf00b2f6423e3fd24920cebb9349dbf06ac63e59536"
}
