• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: July 4th, 2023

help-circle
  • How does f-droid solve this problem? From my understanding they confirm that the .apk provided by the dev matches what compiles from source and run it through Virus Total. Those are trivial steps for a malicious dev to take to slip in something nefarious.

    At that point you’re relying on the community to check every commit for nefarious code $x. Not to mention they could simply build up community trust for some time before slipping in the code, since they’d effectively be burned once (if?) their very first shady code commit is found.

    I can’t imagine f-droid would go on the hook and say everything they build is also code reviewed for malicious stuff, right?