limagnolia 3 hours ago
F-Droid build APKs themselves from source, so presumably 0, as they don't allow APKs to be uploaded. F-Droid does do some safety checks themselves already too; I don't know exactly what. Edit: Perhaps I am mistaken... but I think the linked post was referring to users adding additional repos to the F-Droid store, not the default F-Droid repo?
westurner 2 hours ago
The objective of adding a third-party repository key, IIUC, would be to not need to prompt about installing from unauthenticated sources if they're installing from a third-party repo; so the fdroid key for the APKs that they or a CDN host would be verifiable. It would be good to scan the sources with SAST and DAST and scan the APKs once they're built too.