Moritz Hedtke

@TotalKrill But wouldn't that concrete and probably common problem be better fixed with some way to pin/override dependencies of dependencies?

Isn't it possible for a user to just generate a new peer id? > You could use a blacklist and a custom access controller where you overwrite "canAppend()" in order...

I think the only (decentralized) way would be something like a [Web of Trust ](https://en.wikipedia.org/wiki/Web_of_trust) which is currently infeasible

@hazae41 As far as I understand that paper the problem today is that captchas can be solved faster by computers than by humans and for a spammer it would be...

As a minimal idea I would love to see startup notification as my acme services fail as they seem to startup faster than step-ca. (Maybe I also don't know systemd...

> Well, considering how much this hurts usability I think this goes the wrong way. Yeah that's the reason I don't intend to want to get this merged the current...

> > I just removed the yarn.lock and added package-lock.json because that's what I'm using so I'm not sure if you mislooked or tried using yarn locally. > > Indeed,...

> SHA256 verification of downloads or similar might be easier to implement than HTTPS?... > > (Of course, both would be better eventually.) I don't know if I'm just stupid...

@Hexstream So yeah you meant a combination. I thought you meant to only use SHA256 sums.

Just my two bits: I don't really like that quicklisp still uses md5 as it is really insecure.