by sneak
1568 days ago
I find the distributor-does-the-building-and-signing to be problematic from a security point of view. I would much prefer that each developer does a build, signs it, and a notarization of some kind is added by the distributor. It seems to me that if you can compromise the F-Droid infrastructure you can compromise millions of handsets.
> This means that F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures