zap.store on Nostr: With the default F-Droid repository you have an additional (centralized) party to ...
With the default F-Droid repository you have an additional (centralized) party to trust, that is worse not better. In addition, security researchers have pointed out important security flaws with it over the years. Izzy is an exception as, afaik, he does not perform builds.
You say with Obtainium APKs are signed by the dev. How are they signed? How exactly do you verify authenticity upon first install?
Published at 2025-01-30 13:09:21

Event JSON
{
"id": "ea63db3f2359f681f9b885faab2c0d68e201f924f459d418c12e40c489ffd2bc",
"pubkey": "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d",
"created_at": 1738242561,
"kind": 1,
"tags": [
[
"e",
"de975f9ad222e2d6a63492372a32706c3348edcee4075783a53e8ca059c519c1",
"",
"root"
],
[
"e",
"4d1eec6db1c17ff04823638a3300704cfbc908cc8ef4cb6e688031c4b1f872a3"
],
[
"e",
"4b2a21d7b5bd9ad21b3ac16f03376c337ba3d9708b9cdc372e9b25840897be75",
"",
"reply"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"
],
[
"p",
"965f6d9b0851f57ff7734bbddebc958bb7c48b6ac24847b311f5bd7096eee020"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"deba271e547767bd6d8eec75eece5615db317a03b07f459134b03e7236005655"
],
[
"p",
"bea424ade017f724f328500662abafcfc27e2aea5a7bcb5cb3bcda50e8fea29f"
]
],
"content": "With the default F-Droid repository you have an additional (centralized) party to trust, that is worse not better. In addition, security researchers have pointed out important security flaws with it over the years. Izzy is an exception as, afaik, he does not perform builds.\n\nYou say with Obtainium APKs are signed by the dev. How are they signed? How exactly do you verify authenticity upon first install?\n",
"sig": "6654f0fe9057f3bcc7da3f70c0edd58e7a215d8b45d921e8b8128c1cf9c67d3ba01a32f462a5c51e3b06d8a26d7c3f5433cc70e23cf7cdec2dfc4a673730a852"
}