Hi Mark, I just wondered, did this ever get published somewhere?
Best, Marcus On 22.06.20 13:20, Mark Murphy wrote: > On Sun, Jun 21, 2020, at 22:20, John Sullivan wrote: >> Just a quick comment on that last part. It may be worth mentioning for >> a fuller picture that F-Droid signs the builds themselves because they >> build them themselves. They publish all of the source that they are >> building as well as the server software that does the build. Doesn't >> mean things are 100% reproducible, but it might be relevant to mention. > > The *intent* is for F-Droid to build the apps themselves solely from the > original sources. With sufficient motivation ("those are lovely kneecaps you > got there -- it would be a pity if we had to break them"), F-Droid could be > convinced to deliver altered apps. And, as with the Google App Bundle > scenario, there is nothing to stop them. That then puts the onus on app > developers or the broader ecosystem to detect this, and I don't know if > anyone is looking. Perhaps people are looking and I just don't know about it > -- if you know of people who are, I'd love to hear about them! > > That being said, I replaced the section where I mentioned F-Droid with > another one where I don't mention them directly. A revised post is attached. > > Thanks for the feedback! > > > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org > _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org