• I Cast Fist@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    7 days ago

    It’s trust less in the sense that commits can’t be easily forged and are signed with cryptographic keys and identities.

    I’m pretty sure being able to verify that the person responsible for a push is an actual maintainer is the opposite of trustless.

    • simplymath@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      7 days ago

      How is it any different than verifying that a transaction occurred?

      How is a trusted repository different from a hard fork?

      Isn’t “proving someone is a maintainer” just an IRL proof of stake?

      • I Cast Fist@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        7 days ago

        How is it any different than verifying that a transaction occurred?

        With a centralized trust source (bank), you ask for the records.

        How is a trusted repository different from a hard fork?

        Because you check who owns and maintains it. A notable example was with Simple Apps for Android, earlier this year the main repo was sold to a company. Trust was lost, thus a fork was created to keep the original stuff.

        • simplymath@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          7 days ago

          Right, but isn’t the “main chain” of Ethereum based on a similar principle wherein it’s the main chain because it’s the one the devs use?

          What about BTC vs BTC lightning.

          I’m genuinely failing to see a distinction here, and, again, the wiki article says that blockchains are special cases of Merkle trees.

          • I Cast Fist@programming.dev
            link
            fedilink
            arrow-up
            2
            ·
            7 days ago

            Right, but isn’t the “main chain” of Ethereum based on a similar principle wherein it’s the main chain because it’s the one the devs use?

            No clue, I don’t keep an eye on that, I’m partially aware that there are several similar forks (and eth classic was a result of scammy shenanigans) but, afaict, none try to pretend they’re the “real” ethereum.

            I’m genuinely failing to see a distinction here

            A distinction between trust and trustless? Because my initial point was that git isn’t trustless, because it works just like any other online system that requires a login, where a central server/database checks if the user sending inputs was properly identified by some mean (password, cryptographic key, something else). Implementing a Merkle or any other hash tree doesn’t make something trustless

            • simplymath@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              7 days ago

              does git require authentication with a central server? I know that’s common practice and true of github, but my recollection was that it was meant to fix the problem of distributed kernel development via an email listserv in the early 2000s. This stack exchange post discusses how it’s not really centralized

              • I Cast Fist@programming.dev
                link
                fedilink
                arrow-up
                1
                ·
                7 days ago

                Not being centralized has nothing to do with being trustless. The fediverse is also decentralized, yet you, me and everyone else has to log in to a specific server. If I try to login via lemmy.world, it’ll fail. I have to login via programming.dev. Does that make lemmy and the fediverse trustless? No.

                Even the top answer on that SO question explains that the use case of hash trees for git is different from that of blockchain

                  • simplymath@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    7 days ago

                    183 votes for your “similar but not the same” and 103 votes for “they are the same”. At the very least, I’d say this is far from settled fact

                  • I Cast Fist@programming.dev
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    7 days ago

                    You’re completely ignoring the point that being decentralized and/or implementing hash trees does not make a system trustless