Post SHA-256 Hash of Developer Signing Key #445
shrimprugbysnowowl
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The project offers a direct apk download option from github as well as being hosted in the fdroid official repo. The app hosted in fdroid is built and signed by the fdroid developers, which some view as a security issue. One option is a reproducible build, but sometimes this is extremely difficult. Apps like Obtainium are becoming more popular and allow users to track updates to apps and directly download the apk from github, but those users need a way to verify that the build was signed by the developer. Posting the sha-256 hash of the developer signing key in the project README and on the ICSx Website would be appropriate.
Based on the downloaded icsx5-81-2.2.5-standard-release.apk, the hash appears to be, B3:9E:7B:77:EC:85:34:83:64:6B:21:B4:A3:E3:CA:54:0B:A0:94:EF:8D:AA:18:E8:7E:0B:E1:FA:46:38:D3:21.
I'm happy to create a PR for the README if you are amenable to inclusion.
Thank you for your consideration.
Beta Was this translation helpful? Give feedback.
All reactions