• incogtino
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Yes, that video is primarily complaining about F-Droid self-signing, and that it creates: a requirement to trust them; a single point of failure for security; and slows updates

    The trade off is that developers must maintain their key, if they lose it the user must uninstall and reinstall the app, as Android will not trust an update signed with a different key

    • Nakres@lemmy.one
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      What alternative does the video promote? Trusting Google and the Playstore? Trusting each dev of every app to deliver apks which match the code? I don’t want to give the video more clicks if it’s scaring away people from F-droid towards worse alternatives.

      • incogtino
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        No need to click, it complains about exactly what has now been changed. In essence you are always trusting the dev, why add other parties to that chain

        • Nakres@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Wrong, if you are using F-droid, you aren’t trusting the dev, you are trusting F-droid and the source code, the dev CAN NOT give you an app that doesn’t match the code, and the code can be seen and reviewed by anyone.