Verifiable builds? #1244
Comments
The section in the README you're referring to explains how you can verify that Aegis APKs were signed by us. Reproducible builds are something completely different and we don't support that currently.
That's what I had understood. Is there a plan to include it on the roadmap? This would greatly increase the trust in the product.
Not currently. I'd first like to see a more detailed proposal and perhaps a proof of concept for this. Maintaining reproducible builds can be painful and it'd be good to have a general impression of what the impact on Aegis' build process would be.
An excellent example is here: From the looks of things, I think it could be done with minimal impact to the build process once the work is carried out. I believe this is truly important to be able to implement a TNO (Trust No One) solution.
Hello.
Excellent initiative.
Is there a way to verify that the build on the play store is produced from the code in this repo (a la Signal private messenger)? The verification in the readme suggests that the certificate used for signing is the same but is this the same thing as the build being the same? Perhaps I'm missing something?
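The distinction raised in this thread (same signing certificate versus same build) can be shown with a content comparison that ignores signature files. This is an added example, not code from Aegis, Signal or any participant here; the function names are hypothetical, the "APKs" are small zips constructed in memory, and it only accounts for v1 (JAR) signature files under META-INF (the v2/v3 APK Signing Block is not a zip entry, so `zipfile` never sees it).

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature files live under META-INF/ and differ between a locally
# built APK and the published one even when every other entry is identical.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")

def is_signature_entry(name):
    # MANIFEST.MF only lists per-entry digests; entries are hashed directly below.
    return name.startswith("META-INF/") and (
        name.endswith(SIGNATURE_SUFFIXES) or name == "META-INF/MANIFEST.MF")

def content_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not is_signature_entry(i.filename)}

def compare_apks(apk_a, apk_b):
    """Return sorted (entry, reason) differences; an empty list means same content."""
    a, b = content_digests(apk_a), content_digests(apk_b)
    diffs = [(n, "only in first") for n in a.keys() - b.keys()]
    diffs += [(n, "only in second") for n in b.keys() - a.keys()]
    diffs += [(n, "content differs") for n in a.keys() & b.keys() if a[n] != b[n]]
    return sorted(diffs)

def make_sample_apk(dex_bytes, sig_bytes):
    """Constructed stand-in for an APK: a dex, a resource and v1 signature files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", dex_bytes)
        zf.writestr("res/raw/notice.txt", b"sample resource")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", sig_bytes)    # placeholder bytes, not a real signature
        zf.writestr("META-INF/CERT.RSA", sig_bytes)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    published = make_sample_apk(b"dex-from-release", b"developer-signature")
    rebuilt = make_sample_apk(b"dex-from-release", b"my-own-signature")
    altered = make_sample_apk(b"dex-with-extra-code", b"developer-signature")
    print(compare_apks(published, rebuilt))   # same content, different signer
    print(compare_apks(published, altered))   # same signer files, different content
```

A comparison like this only comes out empty if the project's build is reproducible, which is the property the thread says Aegis does not currently support.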