Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.mobile.android > #146888
| From | Marion <marion@facts.com> |
|---|---|
| Newsgroups | comp.mobile.android |
| Subject | Re: Why does open source software include a "signing key"? |
| Date | 2025-02-28 19:30 +0000 |
| Organization | BWH Usenet Archive (https://usenet.blueworldhosting.com) |
| Message-ID | <vpt2sp$1cfq$1@nnrp.usenet.blueworldhosting.com> (permalink) |
| References | <vpo1h2$2pfr$1@nnrp.usenet.blueworldhosting.com> <vprpg0$3infk$1@dont-email.me> |
On Fri, 28 Feb 2025 08:43:39 +0100, R.Wieser wrote : >> So it seems that the signing key is there so *we* can tell if the file has >> been modified and also that it was signed by the actual real developers. > > (emphasis mine) No. I'm confused by that answer, but it may be that Rudy knows more than I do. I don't know anything about signatures, so it "could" be that Rudy knows more, but, my research shows that statement above to be true, not false. Given I don't even have the Google Play Store app APK on my phone, and yet I install APKs from the Google Play repository all the time, in addition to installing apps (like <https://newpipe.net/#download>) which have nothing to do with the Google Play store, that answer doesn't help to explain how the ecosystem works with respect to signing of apps NOT on the Google Play Store ecosystem. Arno kindly brought up the point that there could be two related keys: a. App signing key b. Upload key However, if we focus on FOSS tools such as NewPipe, which is distributed outside of the Google Play Store, we can completely disregard the concept of the "upload key" entirely. Since NewPipe isn't on the Google Play Store, it doesn't utilize Google Play App Signing. Therefore, there's no separation of an upload key and an app signing key as described in Arno's suggested Google Play web cites. Apparently, instead, NewPipe uses a single signing key to sign its APKs. As far as I can tell, this key serves both the purpose of verifying the app's authenticity and ensuring that updates come from the same source. Why do you (seem to) think otherwise, Rudy?
Back to comp.mobile.android | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:36 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 21:44 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-26 22:36 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 08:43 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:30 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:46 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-02-28 21:42 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-02-28 09:01 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-02-28 19:19 +0000
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 10:00 +0100
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 09:54 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:12 +0000
Re: Why does open source software include a "signing key"? Marion <marion@facts.com> - 2025-03-01 10:27 +0000
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:44 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 11:36 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-01 14:22 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-01 15:40 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-06 11:30 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-06 12:29 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 09:01 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 09:50 +0100
Re: Why does open source software include a "signing key"? Arno Welzel <usenet@arnowelzel.de> - 2025-03-07 14:37 +0100
Re: Why does open source software include a "signing key"? "R.Wieser" <address@is.invalid> - 2025-03-07 14:58 +0100
csiph-web