Comment on apps .. repo or not
lurch@sh.itjust.works 2 months ago
I don’t trust f-droid as well, because some of its apps crash the (un)installer and can therefore never be removed.
However, you need a trustworthy party and they have to digitally sign the APK after checking the code (changes) and compiling it themselves. They can also sign messages they send to the public.
kristoff@infosec.pub 2 months ago
Hum , interesting point. If you where a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?
I guess people would then just depend on their search engine