pull down to refresh

I really like this idea. I think it would have to be included in some format though that would be free from manipulation or removal, it shouldn't just be included in plaintext format so that anyone who had access to the code could just delete it or change it. Perhaps there could be some kind of webring-style service setup on nostr or a similar platform, that existed using a weighted trust kind of model, to ensure that people who were added to it for receiving payouts for contributions were individuals/developers who were known to other people who were known to be actual, contributing developers. Basically, if person A is a prominent developer who is known by many people, but person C is a developer who also contributes but isn't known by many people -- as long as they have one person (person B) in common, who can vouch for them, so to speak, it would enable their inclusion. Kind of similar to "social proofs", if you are familiar with the concept.
Could have any software/projects built that wanted to include it, just include the webring service thing as a dependency/included library, and it would periodically sync up with a web URL/nostr node that could push an array of the different lightning addresses, etc.
Glad you like it!
Yeah, ensuring malicious people don't replace the lightning addresses of the component maintainers is critical. The same thing goes for not having dependencies which are clones of the actual library, just with added malware.
Payments per component would further incentivize devs to fork their dependencies as soon as they run into trouble with them. And then keep the forks alive, to have their own payment address set.
Guess that leads us further towards some kind of reputation-based system like what you suggest.
reply