this post was submitted on 21 Jan 2025
2 points (100.0% liked)


The signature issue at F-Droid has apparently still not been resolved: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇

https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19

#fdroid #security #privacy #certpinning #signature


@kuketzblog@social.tchncs.de

The best options:

  1. Accrescent
  2. Obtainium (GitHub/GitLab) + AppVerifier
  3. Manually add the developer's F-Droid repo

@accrescent@infosec.exchange

[–] lasagne@chaos.social 1 points 1 month ago

@kuketzblog@social.tchncs.de

Can anyone please explain what the actual impact of this is in the context of F-Droid?

[–] enigma@norden.social 1 points 1 month ago

@kuketzblog@social.tchncs.de and I always thought I was the only one who is constantly at odds with certs 😜

[–] D22@social.tchncs.de 1 points 1 month ago* (last edited 1 month ago) (1 children)
[–] kuketzblog@social.tchncs.de 1 points 1 month ago (1 children)

@D22@social.tchncs.de No, I don't think so:

[–] IzzyOnDroid@floss.social 1 points 1 month ago (1 children)

@kuketzblog@social.tchncs.de @D22@social.tchncs.de

[–] s3nnet@social.tchncs.de 1 points 1 month ago (15 children)

@IzzyOnDroid@floss.social @kuketzblog@social.tchncs.de @D22@social.tchncs.de Update online :mastodance:
