Where is the source of metadata.bin?

[Nexus2k]

There's no chance I run some random binary on my machine for a token that's not even listed on coinmarketcap.com please provide the source of metadata.bin that the bash verification method is loading.

[KnockKnockWho]

metadata.bin is not an executable and it is not run. It contains data for ownership verification, including temporary Ethereum addresses that are encrypted with the users' public keys. To claim the drop with almost zero risk:

1. Remove your public SSH key from GitHub and all locations where you use it, including SSH servers. From now on assume that you have published your private SSH key (assume breach).
2. Rent a cheap VPS somewhere. Copy private and public SSH key to the VPS.
3. Execute the Docker container to generate the proof there.

[aayusharyan]

Hahaha, you expect developers to do that for a token that isn't even listed, nice.

[boneyard93501]

https://github.com/fluencelabs/dev-rewards/blob/0cd41bcfb1ef07dce92390c88b0c160665ae10d3/MANUAL_INSTRUCTIONS.md?plain=1#L12

[KnockKnockWho]

Hahaha, you expect developers to do that for a token that isn't even listed, nice.

I'm not affiliated with the project, so I don't expect anyone to do anything, but I like the approach of using airdrops to reward open-source developers. In particular, I like the technicality of the execution in this case. Obviously, whether claiming the token will be worth the effort and the gas fee is a gamble which you can lose or win.

But I agree it could have been implemented in a way that requires less trust, for example, by providing a website that performs the necessary calculations up to the point where the user is instructed to sign the intermediate computation result using software that is well-known and trusted.