Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

publish hashes of signing keys #11430

Closed
6 tasks done
grrrrr opened this issue Aug 11, 2024 · 1 comment
Closed
6 tasks done

publish hashes of signing keys #11430

grrrrr opened this issue Aug 11, 2024 · 1 comment
Labels
feature request Issue is related to a feature in the app meta Related to the project but not strictly to code

Comments

@grrrrr
Copy link

grrrrr commented Aug 11, 2024
edited
Loading

Checklist

  • I made sure that there are no existing issues - open or closed - which I could contribute my information to.
  • I have read the FAQ and my problem isn't listed.
  • I'm aware that this is a request for NewPipe itself and that requests for adding a new service need to be made at NewPipeExtractor.
  • I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise.
  • This issue contains only one feature request.
  • I have read and understood the contribution guidelines.

Feature description

On Android, you can use AppVerifier to confirm if an apk was signed by the owners or an untrusted key (as well as other methods). This can be combined with Obtanium to check at install time.

The hashes could be published in a number of places for additional trust. e.g

  • blog post
  • gpg signed download
  • mastodon / twitter /...
  • Github

Why do you want this feature?

Allows for an additional layer of certainty being able to easily check that the apk is legitimately signed

Additional information

tangentially related to #5469
@grrrrr grrrrr added feature request Issue is related to a feature in the app needs triage Issue is not yet ready for PR authors to take up labels Aug 11, 2024
@opusforlife2 opusforlife2 added meta Related to the project but not strictly to code and removed needs triage Issue is not yet ready for PR authors to take up labels Aug 14, 2024
@bats6931
Copy link

FWIW these are currently published in the homepage, under the "Get NewPipe" section: https://newpipe.net. Got my green AppVerifier checkmark :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request Issue is related to a feature in the app meta Related to the project but not strictly to code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grrrrr @opusforlife2 @bats6931