Gigi ⚡🧡 on Nostr: 👀 nostr:note1c586utzkuw54qlsj0apttkchuwdq6e08vugtdkyaqg32j67dt3yqsux6u9
👀
quoting note1c58…x6u9A post from the developer of WireGuard on the severe security flaws and lack of trustworthiness of F-Droid:
https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404
This led to them including a self-update system which was openly implemented and documented. F-Droid was unaware they'd shipped it for half a year, and by then WireGuard had essentially escaped from in their words being held hostage by F-Droid.
This was a rare case where an app used developer signing keys via their flawed reproducible builds system. Most don't.