Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.mobile.android > #147059
| From | Arno Welzel <usenet@arnowelzel.de> |
|---|---|
| Newsgroups | comp.mobile.android |
| Subject | Re: Why does open source software include a "signing key"? |
| Date | 2025-03-07 09:01 +0100 |
| Message-ID | <m2vnfjFhmqeU1@mid.individual.net> (permalink) |
| References | (4 earlier) <vpunur$69ss$1@dont-email.me> <m2gg1cF8gagU1@mid.individual.net> <vpv68b$8tek$1@dont-email.me> <m2tbqeF6l2mU4@mid.individual.net> <vqc0us$2v1pf$1@dont-email.me> |
R.Wieser, 2025-03-06 12:29: > Arno, > >> At least one has to suggest an application to be added to the repository >> of F-Droid first > > Yeah, duh. > >> and at this point, the app won't get accepted, if it contains suspicious >> code. > > IOW, F-Droid tries to, as I mentioned before, make sure that the app is on > the up-and-up. > >> this won't work unnoticed > > Really ? There have been cases where the author didn't even know that one > of the resources he used was poisonned. > >> You won't find any of my signatures in the package provided by F-Droid. > > No, but it *does* contain information identifying who made/signed it. Not really. The signatures can not be verified since there is no CA for it. > https://source.android.com/docs/security/features/apksigning > > "App signing allows developers to identify the author of the app" Without any public key available or a CA which confirms the identity of a signature, this is impossible. -- Arno Welzel https://arnowelzel.de
Back to comp.mobile.android | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:36 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:44 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 22:36 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 08:43 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:30 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:46 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 21:42 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-02-28 09:01 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:19 +0000
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 10:00 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 09:54 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:12 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:27 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:44 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:36 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 14:22 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 15:40 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-06 11:30 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-06 12:29 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 09:01 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 09:50 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 14:37 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 14:58 +0100
csiph-web