this post was submitted on 06 Feb 2024
1053 points (99.0% liked)

Microblog Memes

5726 readers
1513 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

Rules:

  1. Please put at least one word relevant to the post in the post title.
  2. Be nice.
  3. No advertising, brand promotion or guerilla marketing.
  4. Posters are encouraged to link to the toot or tweet etc in the description of posts.

Related communities:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] step6672@lemm.ee 2 points 9 months ago

Yeah. Basically it builds and then sign the app with their own keys, not the developer's. The problem people has with this approach is that if F-Droid suffers an hacking attempt, the attackers could mess with the apps.

The team behind F-Droid is already trying to fix that with reproducible builds. It means that an APK downloaded through F-Droid could be compared to a GitHub release, for example, and they would have the same key.