FDroid repos are similar to Debian apt repos in that they do not rely on the security of the server they are on or the network transmission method. Once you trust a signing key, then it can verify whether all files in the repo are what they should be.
Keep in mind the https://s3.amazonaws.com/guardianproject-fdroid/fdroid/repo should be considered a test repo for now, since it uses a test key for signing. I'll be finishing up the final repo soon, and the signing key for that one should be included in the FDroid app itself, so it'll automatically know which signing key to trust as long as you get a real FDroid APK. .hc On 06/25/2014 04:41 PM, Nathan of Guardian wrote: > > We are now mirroring our F-Droid repos onto Amazon S3, and have created a > simple page to allow people to bootstrap the fdroid app and our repo here: > > https://s3.amazonaws.com/guardianproject/index.html > > Obviously, trusting Amazon with our binaries is not ideal, but it has been > shown that even China and Iran are not willing to block S3 at this point in > time. In addition, the apps and repo is signed with our private key. > > Let me know what you think! > > +n > > > > _______________________________________________ > Guardian-dev mailing list > > Post: [email protected] > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: [email protected] > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info > > You are subscribed as: [email protected] > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
