Author: Mike Hearn 2013-05-07 12:04:16
Published on: 2013-05-07T12:04:16+00:00
The post discusses the importance of secure binary distribution for software and the role of SSL in providing a secure connection. The author acknowledges that SSL is an essential feature for secure distribution, but notes that it requires finding alternative file hosting. The author also notes that Damgards may be a better option, but that there is no choice in what to use. They explain that on Android there is no way to change the signing key after deployment, so developers can either split the existing key or do nothing. The author goes on to mention the quorum-of-developers signing system that uses Gitian and reproducible builds. However, Gregory points out that people don't check the signatures, making this system less effective. The author suggests that this type of system works best when combined with an auto-update engine or other software distribution platform. Overall, the text highlights the challenges of secure binary distribution and the need for a comprehensive approach that includes SSL, secure file hosting, and effective signature verification.
Updated on: 2023-06-06T16:16:00.727211+00:00