Keags

Tor accomplishes this by putting everything behind the tor socks5 reverse proxy. We could try implementing it like that, we'd need to use socks5h so that host resolution was deferred...

This seems to only apply to outgoing traffic.

Right but tor somehow accomplishes a mapping from asdf...asdf.onion to a specific service. That technology does work somehow. What would it take to replicate that?

This seems like it might be two features: 1. Add the ability to add/replace package signing keys from the developer/maintainer 2. Add the ability to add/replace the package repository (registry)

Ok so I will separate them out into their own items. From the sound of your comment, the alt marketplaces one is contingent on having key management infrastructure so that...

The design has been punted since the package format is versioned. How we handle trust chains will be dealt with in the next package version.

0.3.1 SoW: Scope this completely. Do not need to implement for 0.3.1

> limit users accidentally performing unwanted changes. `sudo rm -rf /*` 💣

I can imagine something more general for this: differentiation between protocol and application. Here, the protocol *is* Bitwarden, the implementation is Vaultwarden. Other cases where we have this: Lightning (LND,...

I think there's a fair bit of distance between being able to specify those protocols colloquially and having a system that is modular over protocols. But yes, aspirationally this is...