Eh... The set of people who can maliciously modify it is the people who run f-droid, instead of th...

gpm • last Tuesday at 8:55 PM • 2 replies • view on HN

Eh...

The set of people who can maliciously modify it is the people who run f-droid, instead of the cloud provider and the people who run f-droid.

It'd be nice if we didn't have to trust the people who run f-droid, but given we do I see an argument that it's better for them to run the hardware so we only have to trust them and not someone else as well.

Replies

lrvick • last Tuesday at 9:15 PM

You actually do not have to trust the people who run f-droid for those apps whose maintainers enroll in reproducible builds and multi-party signing, which only f-droid supports unlike any alternatives.

➕ show 2 replies

ejj28 • last Tuesday at 9:17 PM

The cloud isn't the only other option, they could still own and run their own hardware but do it in a proper colocation datacenter.

alt Hacker News

Replies