111

F-droid is working on locking down (f-droid.org)

submitted 1 year ago by possiblylinux127@lemmy.zip to c/fdroid@lemmy.ml

9 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] incogtino@lemmy.zip 3 points 1 year ago

Yes, that video is primarily complaining about F-Droid self-signing, and that it creates: a requirement to trust them; a single point of failure for security; and slows updates

The trade off is that developers must maintain their key, if they lose it the user must uninstall and reinstall the app, as Android will not trust an update signed with a different key

[-] Nakres@lemmy.one 2 points 11 months ago

What alternative does the video promote? Trusting Google and the Playstore? Trusting each dev of every app to deliver apks which match the code? I don't want to give the video more clicks if it's scaring away people from F-droid towards worse alternatives.

[-] incogtino@lemmy.zip 1 points 11 months ago

No need to click, it complains about exactly what has now been changed. In essence you are always trusting the dev, why add other parties to that chain

[-] Nakres@lemmy.one 1 points 11 months ago

Wrong, if you are using F-droid, you aren't trusting the dev, you are trusting F-droid and the source code, the dev CAN NOT give you an app that doesn't match the code, and the code can be seen and reviewed by anyone.

this post was submitted on 20 Sep 2023

111 points (98.3% liked)

F-Droid

7923 readers

4 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago

MODERATORS

fossdd@lemmy.ml

testman@lemmy.ml