{"id":15471128,"url":"https://github.com/gpestana/peppersource","last_synced_at":"2026-04-28T11:33:56.968Z","repository":{"id":71290262,"uuid":"141703687","full_name":"gpestana/peppersource","owner":"gpestana","description":"Pepper source is a secure and decentralized software distribution utility built on top of IPFS.","archived":false,"fork":false,"pushed_at":"2018-07-24T13:08:17.000Z","size":11850,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T19:35:34.512Z","etag":null,"topics":["ipfs","software-release","software-release-management","software-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gpestana.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-20T11:23:56.000Z","updated_at":"2019-07-28T06:57:25.000Z","dependencies_parsed_at":"2023-07-05T12:31:43.265Z","dependency_job_id":null,"html_url":"https://github.com/gpestana/peppersource","commit_stats":{"total_commits":11,"total_committers":1,"mean_commits":11.0,"dds":0.0,"last_synced_commit":"b16181e149e4f3b044a31b2c007a6c6d9535264e"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gpestana/peppersource","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gpestana%2Fpeppersource","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gpestana%2Fpeppersource/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gpestana%2Fpeppersource/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gpestana%2Fpeppersource/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gpestana","download_url":"https://codeload.github.com/gpestana/peppersource/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gpestana%2Fpeppersource/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32379344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T11:25:28.583Z","status":"ssl_error","status_checked_at":"2026-04-28T11:25:05.435Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ipfs","software-release","software-release-management","software-tools"],"created_at":"2024-10-02T02:10:00.366Z","updated_at":"2026-04-28T11:33:56.924Z","avatar_url":"https://github.com/gpestana.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# :fire: Pepper source :fire:\n\nPepper source is a secure and decentralized software distribution \nutility built on top of [IPFS](https://ipfs.io).\n\nIt allows software providers to quickly and securely share software with their\nusers without having to worry about infrastructure, security, notification\nschemes and maintenance. In the future, it will also allow providers\nto offer incentives to clients who allocate disk space and bandwidth by \nstoring and distributing software bundles.\n\nPepper source exposes primitives to provide **storage**, **replication**,  **security**, **notification mechanisms** and **incentives** for software releases by leveraging the IPFS protocol stack and distributed file system.\n\n### Security \n\nPepper source provides a transparent mechanism for verifying content integrity of the software release and identity of the provider:\n\n- The software binaries are signed by the software provider before uploading it\n  to IPFS. The signature is performed using asymmetric crypto algorithms so that\nthe client can verify the provenience of the software bundle. This process is\nall transparent to the provider.\n\n- Binaries are stored based on their cryptographic hashes, making it easy for\nclients to verify the integrity of the software, even when coming from unknown\nsources (e.g. untrusted peers which are not software providers).\n\n### Notification\n\nThe provider can notify its clients that new software bundles (releases,\npatches, updates, ...) are available through a p2p\n[publish/subscription](https://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern) \nmechanism. The notification contains the hash (content address) of the newly \nreleased bundle and metadata about the software bundle being published. With \nthis notification mechanism in place, those interested in the software \n(subscribers) know *when* freshly baked software is ready for download and \n*where from*.\n\n### Replication\n\nAnyone can store and serve copies of the bundled software.  This is done through\nthe\n[pinning](https://ipfs.io/ipfs/QmTkzDwWqPbnAh5YiV5VwcTLnGdwSNsNTn2aDxdXBFca7D/example#/ipfs/QmQwAP9vFjbCtKvD8RkJdCvPHqLQjZfW7Mqbbqx18zd8j7/pinning/readme.md) IPFS primitives and opens up interesting \nopportunities to build incentives so that the provider can rely on its users to\nsecurely store and share replicas of software bundles.\n\n### How to use it (CLI)\n\n```go\n// TODO\n```\n\n### More cool stuff coming up:\n\n- **Client side interfaces**: SDK for software providers to embed to their\n  client side applications which automatically fetches, verifies and apply \nbundles of software released by the provider.\n\n- **Binary encryption**: allow only certain users to access the binaries;\n\n- **Replication incentices**: by providing monetary (or other types) incentives,\n  the provider can make sure its software bundles are \n\n\n:fire: :fire: :fire:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgpestana%2Fpeppersource","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgpestana%2Fpeppersource","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgpestana%2Fpeppersource/lists"}