That’s it. Would you recommended any other repository?

  • shortwavesurfer
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    8 months ago

    That is a fair point. The protection of the main fdroid repo is that they build it from source and then compare the binaries to make sure they match if i understand reproduceable builds correctly.

    Edit: But if a hacker hacked the developer, wouldn’t they just change the source code as well so that they still match? Like if I wanted to hack Monerujo id want to get the git repo if possible along with the repo keys so i could push malicious code to the git repo, build a binary from that malicious code, publish it on the devs fdroid repo and then when fdroid compares the binary to source they match even though they are malicious.