Hi Mark,
I just wondered, did this ever get published somewhere?
Best,
Marcus
On 22.06.20 13:20, Mark Murphy wrote:
> On Sun, Jun 21, 2020, at 22:20, John Sullivan wrote:
>> Just a quick comment on that last part. It may be worth mentioning for
>> a fuller picture that F-Droid signs the builds themselves because they
>> build them themselves. They publish all of the source that they are
>> building as well as the server software that does the build. Doesn't
>> mean things are 100% reproducible, but it might be relevant to mention.
>
> The *intent* is for F-Droid to build the apps themselves solely from the
> original sources. With sufficient motivation ("those are lovely kneecaps you
> got there -- it would be a pity if we had to break them"), F-Droid could be
> convinced to deliver altered apps. And, as with the Google App Bundle
> scenario, there is nothing to stop them. That then puts the onus on app
> developers or the broader ecosystem to detect this, and I don't know if
> anyone is looking. Perhaps people are looking and I just don't know about it
> -- if you know of people who are, I'd love to hear about them!
>
> That being said, I replaced the section where I mentioned F-Droid with
> another one where I don't mention them directly. A revised post is attached.
>
> Thanks for the feedback!
>
>
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: [email protected]
>
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
