Nick <liberationt...@njw.me.uk> writes: >The wonderful F-Droid already does this, as pointed out in the >article. So it doesn't seem like a proposal so much as an >explanation of why it's important.
F-Droid does a lot of this. I couldn't find a standard way to get the exact source snapshot a particular app's build comes, nor what the build parameters were, although via the web site the app pages do give release numbers. They're hard at work on deterministic builds now, apparently, and I would guess that some of these essentially UI fixes will happen along with that. (I don't mean to sound like a complainer: F-Droid is fantastic. I just hope they'll take it all the way :-) ). >But to be honest I'm not sure why people who are happy to use a >completely proprietary mobile computing system would care that much >about this. They have already voted with their feet that freedom >(and by extension security and privacy) are not important to them. >Sure, there may be plenty of people who are ignorant enough of how >computers actually work to not realise the sacrifices they're >making, but I don't think this article is targeted for them. It's about reducing the number of exposure points. With most app stores, you have to trust the author for each app you have installed, *and* you have to trust the app store. If you can get that down even to just having to trust the app store, that's still a win. One can't just say security and privacy "are" or "are not" important to someone -- it's a matter of tradeoffs. Different people have different tradeoffs they want to make; app stores that offer verified open source apps give them more of a continuum along which to make that decision. Best, -K -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
