You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Truthfully, bundling dependencies is insufficient as well, for the way DNSChain gets installed is via npm install and that requires trusting X.509 + NPM.
Still, bundling dependencies is a meaningful improvement we can do.
At some point in the future a way to sign DNSChain releases would be useful. This could be accomplished by distributing DNSChain as a tar+gzip'd file and using a special loader to run it. The signature could be verified via a blockchain.
We already specify precise version numbers, but this isn't enough.
Truthfully, bundling dependencies is insufficient as well, for the way DNSChain gets installed is via
npm installand that requires trusting X.509 + NPM.Still, bundling dependencies is a meaningful improvement we can do.
At some point in the future a way to sign DNSChain releases would be useful. This could be accomplished by distributing DNSChain as a tar+gzip'd file and using a special loader to run it. The signature could be verified via a blockchain.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: