Sigh. I know. Most people argue the trade offs. "Wouldn't you rather have software that's risky and poorly distributed than none at all?" Or something to that effect, maybe with less verbosity.
I still love the Obtainium model though. Like let me get the package from the maintainers github, website, ftp site etc. Albeit id prefer more verification... Some maintainers _do_ care about secure supply chains.
And even the repeatable build from source argument is a loss imo. My projects can take anywhere from 5-25 minutes to build from source with powerful processors.
ChipTuner
npub1qd…3fqm7
2026-02-28 19:40:52 CET
in reply to nevent1q…s76g
Author Public Key
npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7Published at
2026-02-28 19:40:52 CETEvent JSON
{
"id": "10f336c9a8284cdb9e1d7e7fe047f5046281df5a1bc9b097b7c7d4c9a8a9d000",
"pubkey": "036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
"created_at": 1772304052,
"kind": 1,
"tags": [
[
"e",
"cd9dd6de9fe712579cf539e07960a329d943126893044465218a406b05a02b88",
"wss://pyramid.fiatjaf.com/",
"root",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11"
],
[
"e",
"88cef59790a590e3b6741622e1e9865a22fc2ff92e661e376281a254a3bf1749",
"wss://relay.primal.net/",
"reply",
"8633073b8567da97ad119fedd9716154aa283234cbb7d28d5131daa077d1cf7a"
],
[
"p",
"17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4",
"wss://nos.lol/"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"wss://nostr.land/"
],
[
"p",
"036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
"wss://relay.primal.net/"
],
[
"p",
"726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11",
"wss://nostr.land/"
],
[
"p",
"8633073b8567da97ad119fedd9716154aa283234cbb7d28d5131daa077d1cf7a"
]
],
"content": "Sigh. I know. Most people argue the trade offs. \"Wouldn't you rather have software that's risky and poorly distributed than none at all?\" Or something to that effect, maybe with less verbosity. \n\nI still love the Obtainium model though. Like let me get the package from the maintainers github, website, ftp site etc. Albeit id prefer more verification... Some maintainers _do_ care about secure supply chains. \n\nAnd even the repeatable build from source argument is a loss imo. My projects can take anywhere from 5-25 minutes to build from source with powerful processors. ",
"sig": "c7ae8e4b9b66a022dc7c7fcd70ded2a3fb1e630230f835c633adf976c469d1610b3a5741c26075ec8ea04173fc44622c424fd454e3ba5c44d42350cd73081daf"
}