Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
That is a fair point. The protection of the main fdroid repo is that they build it from source and then compare the binaries to make sure they match if i understand reproduceable builds correctly.
Edit: But if a hacker hacked the developer, wouldn’t they just change the source code as well so that they still match? Like if I wanted to hack Monerujo id want to get the git repo if possible along with the repo keys so i could push malicious code to the git repo, build a binary from that malicious code, publish it on the devs fdroid repo and then when fdroid compares the binary to source they match even though they are malicious.
That is a fair point. The protection of the main fdroid repo is that they build it from source and then compare the binaries to make sure they match if i understand reproduceable builds correctly.
Edit: But if a hacker hacked the developer, wouldn’t they just change the source code as well so that they still match? Like if I wanted to hack Monerujo id want to get the git repo if possible along with the repo keys so i could push malicious code to the git repo, build a binary from that malicious code, publish it on the devs fdroid repo and then when fdroid compares the binary to source they match even though they are malicious.