Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/113901044415035454">GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 28-Jan-2025 00:34:08 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><a href="https://hachyderm.io/@dalias/113901033383153188" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/311501" title="nebulatide@mastodon.bsd.cafe">Doerk</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://mastodon.bsd.cafe/@NebulaTide">@NebulaTide</a> Our current general recommendation is obtaining apps directly from open source developers. Obtainium and App Verifier are useful tools for that, but Obtainium doesn't do things in a way that we can wholeheartedly recommend it or package it in our app repository. We could make our own tool for downloading app builds with pinned keys from where developers publish them without involving third parties. Could support a reproducible build verification system via third parties too.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4458174#notice-8725890">In conversation</a><time datetime="2025-01-28T00:34:08+09:00" title="Tuesday, 28-Jan-2025 00:34:08 JST">about 3 months ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/113901044415035454" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/113901044415035454">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 28-Jan-2025 00:34:08 JSTGrapheneOS
in reply to
- Rich Felker
- Doerk
@dalias @NebulaTide Our current general recommendation is obtaining apps directly from open source developers. Obtainium and App Verifier are useful tools for that, but Obtainium doesn't do things in a way that we can wholeheartedly recommend it or package it in our app repository. We could make our own tool for downloading app builds with pinned keys from where developers publish them without involving third parties. Could support a reproducible build verification system via third parties too.
In conversationabout 3 months ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice