From 62eddbd2e948f7a344ba032fde4850279fbba85a Mon Sep 17 00:00:00 2001 From: Wonderfall Date: Tue, 4 Jan 2022 00:34:26 +0100 Subject: [PATCH] add mention of pgp use --- content/posts/fdroid-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/fdroid-issues.md b/content/posts/fdroid-issues.md index 5b2ecbc..b9e3f9d 100644 --- a/content/posts/fdroid-issues.md +++ b/content/posts/fdroid-issues.md @@ -85,7 +85,7 @@ It is an important security feature that is also straightforward to implement. S ``` -F-Droid also has a problem regarding the adoption of **[new signature schemes](https://source.android.com/security/apksigning)** as they [held out on the v1 signature scheme](https://forum.f-droid.org/t/why-f-droid-is-still-using-apk-signature-scheme-v1/10602) (which was [horrible](https://www.xda-developers.com/janus-vulnerability-android-apps/) and deprecated since 2017) until they were forced by Android 11 requirements to support the newer v2/v3 schemes. Quite frankly, this is straight-up bad. +F-Droid also has a problem regarding the adoption of **[new signature schemes](https://source.android.com/security/apksigning)** as they [held out on the v1 signature scheme](https://forum.f-droid.org/t/why-f-droid-is-still-using-apk-signature-scheme-v1/10602) (which was [horrible](https://www.xda-developers.com/janus-vulnerability-android-apps/) and deprecated since 2017) until they were forced by Android 11 requirements to support the newer v2/v3 schemes. Quite frankly, this is straight-up bad, and signing APKs with GPG is no better considering [how bad PGP and its reference implementation GPG are](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) (even Debian [moved away from it](https://wiki.debian.org/Teams/Apt/Spec/AptSign)). For some reason, their website has always been hosting an [outdated APK of F-Droid](https://forum.f-droid.org/t/why-does-the-f-droid-website-nearly-always-host-an-outdated-f-droid-apk/6234), and this is still the case today. "Stability" seems to be the main reason mentioned, which doesn't make sense.