Comment on Apple removes app created by Andrew Tate
jet@hackertalks.com 1 year ago
That’s super interesting. I looked at the burrito video justifying the migration away from F-Droid, and I agree, there’s a lot of good reasons to use the developer keys directly. One nice benefit of F-Droid though is ensuring the source code matches the binary. With their recent progress in reproducible builds, and using the developer signing keys for those builds, we get the best of both worlds.
Fight4freedom@sh.itjust.works 1 year ago
I use Obtainium for my password manager and a few other apps, and I also use F-Droid for other apps. The way I understood it is that F-Droid uses their own keys for signing apps, different from the source of those apps. But I may be mistaken on that. Also, I use GrapheneOS, even though I believe burritos uninstalled it due to personal issues with the original Copperhead creator. It still is, imo, the most secure OS.
jet@hackertalks.com 1 year ago
You are correct. F-Droid uses their own signing keys to sign the builds they’ve made. The reproducible builds are verified by F-Droid but pass through signed by the developer.
Then we’re getting two levels of protection: F-Droid attests that the source code used to build the application is the public source code, and the developer attests that the binary matches the code.
But it’s the early days of reproducible builds, I think they just had an announcement where 120 builds are reproducible.