Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.mobile.android > #146884

Re: Why does open source software include a "signing key"?

Path csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From Arno Welzel <usenet@arnowelzel.de>
Newsgroups comp.mobile.android
Subject Re: Why does open source software include a "signing key"?
Date Fri, 28 Feb 2025 09:01:30 +0100
Lines 30
Message-ID <m2d8qqFo6b0U1@mid.individual.net> (permalink)
References <vpo1h2$2pfr$1@nnrp.usenet.blueworldhosting.com>
Mime-Version 1.0
Content-Type text/plain; charset=UTF-8
Content-Transfer-Encoding 7bit
X-Trace individual.net 6GNjDQrAweWlyiRrCMBHXwcvbBTS/jOGHLt5U86KaFXokJKEec
Cancel-Lock sha1:H0hQDNTVkSZtG4Xgl/bivmyS8CA= sha256:68WlypciN2nRSZkTVWQxpJ2yy+a2mmUB4ZlgGwZRQ2E=
Content-Language de-DE
In-Reply-To <vpo1h2$2pfr$1@nnrp.usenet.blueworldhosting.com>
Xref csiph.com comp.mobile.android:146884

Show key headers only | View raw


Marion, 2025-02-26 22:36:

> I just downloaded the latest version of NewPipe and the download page
> provides the hash (which I understand how to use) plus a signing key.
>  <https://newpipe.net/#download>
> 
> The hash is there to verify that the file hasn't been changed, and the
> signing key is there to also verify that it came from the developers.
> 
> So it seems that the signing key is there so we can tell if the file has
> been modified and also that it was signed by the actual real developers.
>  <https://archive.newpipe.net/fdroid/repo/NewPipe_v0.27.6.apk>

No, the idea is to verify the integrity by *Google* when uploading
applications to Google Play.

In the past this was only done using a private key stored in a local key
store. However this has changed over time.

Also see:

<https://support.google.com/googleplay/android-developer/answer/9842756?hl=en>

<https://ashuvssut.hashnode.dev/android-app-signing>



-- 
Arno Welzel
https://arnowelzel.de

Back to comp.mobile.android | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:36 +0000
  Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:44 +0000
    Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 22:36 +0000
  Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 08:43 +0100
    Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:30 +0000
      Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:46 +0000
        Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 21:42 +0100
  Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-02-28 09:01 +0100
    Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:19 +0000
      Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 10:00 +0100
        Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 09:54 +0000
          Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:12 +0000
            Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:27 +0000
            Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:44 +0100
        Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:36 +0100
          Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 14:22 +0100
            Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 15:40 +0100
              Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-06 11:30 +0100
                Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-06 12:29 +0100
                Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 09:01 +0100
                Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 09:50 +0100
                Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 14:37 +0100
                Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 14:58 +0100

csiph-web