Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://floss.social/users/IzzyOnDroid/statuses/111269358128440261">IzzyOnDroid ✅ (izzyondroid@floss.social)'s status on Saturday, 21-Oct-2023 06:38:07 JST</a><a href="https://floss.social/@IzzyOnDroid" title="izzyondroid@floss.social"><img src="https://gnusocial.jp/avatar/85483-48-20230315114109.webp" width="48" height="48" alt="IzzyOnDroid ✅" style="position: absolute; left: 0; top: 0;">IzzyOnDroid ✅</a><div><a href="https://gnusocial.jp/notice/4350847" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/10218" title="aaribaud@mastodon.art">Albert ARIBAUD ✎</a></li><li><a href="https://gnusocial.jp/user/22753" title="ploum@mamot.fr">ploum</a></li><li><a href="https://gnusocial.jp/user/202806" title="lenticularcloud@mastodon.social">LenticularCloud</a></li></ul></div></section><article><p><a href="https://mastodon.art/@aaribaud">@aaribaud</a> <a href="https://chaos.social/@SylvieLorxu">@SylvieLorxu</a> <a href="https://mamot.fr/@ploum">@ploum</a> <a href="https://mastodon.social/@LenticularCloud">@LenticularCloud</a></p><p>"The actual risk scenario would be that a github repo owner build an APK from sources other than those on the repo and upload it to the repo"</p><p>That indeed is a real risk as I have no means to check that. There are other checks in place (library scanner, VT etc) which should reduce the risk of "bad stuff" – but a little risk always exists. So you need to trust the developer, too…</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2211236#notice-4351231">In conversation</a><time datetime="2023-10-21T06:38:07+09:00" title="Saturday, 21-Oct-2023 06:38:07 JST">about a year ago</time> <span>from <span><a href="https://floss.social/@IzzyOnDroid/111269358128440261" rel="external" title="Sent from floss.social via ActivityPub">floss.social</a></span></span><a href="https://floss.social/@IzzyOnDroid/111269358128440261">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
IzzyOnDroid ✅ (izzyondroid@floss.social)'s status on Saturday, 21-Oct-2023 06:38:07 JSTIzzyOnDroid ✅
in reply to
@aaribaud @SylvieLorxu @ploum @LenticularCloud
"The actual risk scenario would be that a github repo owner build an APK from sources other than those on the repo and upload it to the repo"
That indeed is a real risk as I have no means to check that. There are other checks in place (library scanner, VT etc) which should reduce the risk of "bad stuff" – but a little risk always exists. So you need to trust the developer, too…
In conversationabout a year ago from floss.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice