Comment on Apple removes app created by Andrew Tate
Fight4freedom@sh.itjust.works 1 year agoI use obtainium for my password manager and a few other apps, i also use f-droid for other apps. The way i understood it, is that f droid uses their own keys for signing apps, different from the source of those apps. But i may be mistaken on that. Also, i use graphene os, even though i believe burritos uninstalled it due to personal issues with the origonal copperhead creator. It still is, imo, the most secure os
jet@hackertalks.com 1 year ago
You are correct. F Droid uses their own signing keys to sign the builds they’ve made. The reproducible builds are verified by fdroid but pass through signed by the developer.
Then we’re getting two levels of protection, fdroid a test that the source code used to build the application is the public source code, and the developer attests that the binary matches the code.
But it’s the early days of reproducible builds, I think they just had an announcement where 120 builds are reproducible.