• doodledup@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    3
    ·
    3 months ago

    The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

    • Nonononoki@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      It’s reproducible if you compare it with F-droid’s tarball, which has all the source code in it.

    • woelkchen@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      3 months ago

      The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

      F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.