F-Droid - Free and Open Source Android App Repository

7749 Members
F-Droid, the free and open source app repository (official room) | https://f-droid.org | https://forum.f-droid.org | https://floss.social/@fdroidorg | #fdroid-space:f-droid.org | For development discussion use #fdroid-dev:f-droid.org | This channel is accesible via IRC, Matrix, Telegram and XMPP | Room history is public | Please don't edit your messages, it is spammy to users on IRC and XMPP333 Servers

Load older messages

SenderMessageTime
2 Dec 2021
@_oftc_Yad:matrix.orgYadminimal: True. ^^20:29:48
@_oftc_Betal:matrix.orgBetal joined the room.20:32:21
@_oftc_jochensp:matrix.orgjochenspYad: well your trust chain includes downloading the key from the keyserver, probably over a secure protocol signed with other keys you got from somewhere and so on, all the gnupg does not know and thus issues the warning20:34:59
@_oftc_jochensp:matrix.orgjochensps/all the/all that/20:36:49
@_oftc_jochensp:matrix.orgjochenspYad: but then again the question is where does trust start. Do you trust the certificates in your browser or those in the operating system? Do you trust your computer hardware?20:38:37
@_oftc_Yad:matrix.orgYad Indeed, I was already typing: jochensp: ah right, so it's me trusting the HTTPS root certificates probably? (Since that's how I get the fingerprint of the GPG certificate) 20:39:19
@_oftc_jochensp:matrix.orgjochenspyes20:39:31
@_oftc_jochensp:matrix.orgjochenspyou can tell gnupg about that to remove the warning20:39:51
@_oftc_Yad:matrix.orgYad jochensp: Where does trust start? As the security expert Steve Gibson likes to say, it's never truly trust-no-one unless you pick up sand off the beach yourself. (To smelt into silicon wafers, and so on.) 20:40:02
@_oftc_jochensp:matrix.orgjochenspyeah :D20:40:15
@_oftc_Yad:matrix.orgYad^^b20:40:19
@_oftc_Yad:matrix.orgYad left the room.20:48:49
@_oftc_Yad:matrix.orgYad joined the room.20:51:20
@_oftc_Yad:matrix.orgYad left the room.20:53:46
@_oftc_Yad:matrix.orgYad joined the room.20:55:08
@_oftc_Yad:matrix.orgYad left the room.20:55:53
@_oftc_Yad:matrix.orgYad joined the room.20:57:32
@_oftc_Yad:matrix.orgYad left the room.20:57:52
@_oftc_Yad:matrix.orgYad joined the room.21:00:49
@_oftc_Yad:matrix.orgYadjochensp: My mindfulness about validating the signature of F-Droid is based on, for example, how I managed to avoid the 2016 Linux Mint hack because I get my ISOs from their official BitTorrent torrent, rather than relying on a webserver. https://blog.linuxmint.com/?p=299421:08:46
@_oftc_jochensp:matrix.orgjochensp Yad: nice, I didn't download isos for a long time, just package with apt :) 21:12:34
@_oftc_jess:matrix.orgjess left the room.21:16:40
@_oftc_ravi:matrix.orgravi left the room.21:21:00
@_oftc_ravi:matrix.orgravi joined the room.21:21:17
@telegram_1926801217:t2bot.ioUnsupported User joined the room.21:22:02
@_oftc_Brainstorm:matrix.orgBrainstorm left the room.21:34:33
@_oftc_Guest7411:matrix.orgGuest7411 (IRC) joined the room.21:34:34
@_oftc_Guest7411:matrix.orgGuest7411 (IRC) left the room.21:34:34
@oftc-irc:matrix.org@oftc-irc:matrix.orgchanged room power levels.21:34:35
@_oftc_Brainstorm:matrix.orgBrainstorm joined the room.21:34:43

Show newer messages

Back to Room ListRoom Version: 6