by leo_e
198 days ago
This will inevitably be used as ammunition against sideloading, but it’s really a lesson in supply chain trust. When we move away from walled gardens (which I support), the burden of verifying the "chain of custody" shifts to the user. Installing an APK that auto-updates with root/system privileges is essentially giving a single developer the keys to your living room. We need better intermediate trust models—like reproducible builds signed by a quorum of maintainers—rather than just "trust this GitHub release."