Yeah so like you've just rediscovered proof of work. If a bunch of people clone it, who can say which repo is the real repo? Well you burn a bunch of electricity in a provable way to vote for a repo. The repo with the most burned electricity is the real repo.
> Yeah so like you've just rediscovered proof of work. If a bunch of people clone it, who can say which repo is the real repo? Well you burn a bunch of electricity in a provable way to vote for a repo. The repo with the most burned electricity is the real repo.
what? no, the original repo is the real repo. my point is, is that the transparency makes it impossible for you to not trust me/GitHub.
why wouldn't you trust? you can see nothing was altered yourself - and if it is altered, the issue isn't trust anymore, I've simply committed fraud and you can use the existing legal system to punish me.
this is the same reason you would trust open source software installed on your machine, said machine that presumably has access to your environment/browser/etc which could contain a virus to take your existing fiat money today.
The central authority (here, Github or the repo owner) can rewrite history by rebasing and then force pushing. The only way you can detect that as a third party is by cloning the repo and periodically pulling to make sure the history of the main/master branch has not been altered.
If it has been altered, how can you prove that you didn't just rewrite history locally and then make a spurious claim? You would need others with local copies to vote on which history was legitimate.
if one were to actually implement what I'm describing, the transactions would need to be signed by the participating parties, so it wouldn't be possible to do what you're describing anyway.
How can you know nothing was altered, even if you stay in constant sync with the git repo, if github wanted they could selectively send different copies to different people. The entire point is that it's a trustless system where malicious actors get drowned out by others, especially if they're uncoordinated.
So in case you get mismatches, you can then have a bunch of humans figure out what happened and how to recover from it, and if necessary, involve a court system to settle disputes based on the evidence that exists.
This type of human resolution is needed even in blockchain systems: people will try and fork, people will try to launch 51% attacks, software will have bugs. In the end, a blockchain is a bunch of bits. People believing it and acting based on it is what matters.
Then what happens when your comparison fails. There's no consensus mechanism. But then can't everyone just start using a fork from the last time you all agreed (ignoring that coming to a consensus on where to fork would pretty much be impossible)? Well since github is hosting that git repo, and they're the malicious actor, they just alter that as well. You could take them to court, but this would take a huge amount of time. Effectively if you have a central authority you gain nothing from a public ledger because you have to trust them in the first place. Maybe it makes it quicker to find out that fraud has been committed, but the individual(s) who suffered from it will probably be suing anyhow.
that's not really possible - presumably if someone were implementing what I was describing they'd have it so all transactions are signed by the participants. they wouldn't have the private key(s) so, well, it's impossible.
