[ta1771]

Any history of this?

For anyone: Why don't they cross-sign with their key+dev key?

[folmar]

Because the builds are (generally) not reproducible

[sneak]

I think cross-signing implies adding a second signature (notarization) to an existing dev-signed build, not doing a rebuild.

Does apk support such a thing?