|Jordan Doyle 9b363f635d||1 year ago|
|src||1 year ago|
|.gitignore||1 year ago|
|.prettierrc||1 year ago|
|README.md||1 year ago|
|manifest.json||1 year ago|
|package-lock.json||1 year ago|
|package.json||1 year ago|
|tsconfig.json||1 year ago|
|tslint.json||1 year ago|
|webpack.config.js||1 year ago|
registered, if they do then all scripts loaded from that domain must be signed by
the user using a
data-signature attribute containing a link to the detached
signature of the script.
That's where KPJS comes in, instead of trusting a server in some data centre somewhere to give us “safe” scripts, we trust people instead. Using GPG and Keybase we can have publicly verifiable proof that a script was signed by a person that we trust rather than a malicious third party (unless our trusted party's GPG key is compromised - but that's a little bit harder than compromising a server and usually involves leaving the house).