Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)
Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)
Signal doesn’t trust messages server side. And the official flatpak made by the signal foundation are verified. So as long as you use the flatpak its safe.
Just a note that the flatpak is not made by the Signal Foundation, it is maintained unofficially by the community. See the last sentence on the app description on Flathub:
There’s a discussion about the community flatpak’s trustworthiness on their repo here and here, a feature request for the Signal Foundation to have an official release here, but for now the only official Linux release of Signal is for Debian-based distributions.
Fair point but why does signal have a position available for signal desktop on there web page? That’s rather odd to have it community maintained.
These aren’t good reasons
What does this have to do with their ability to support reproducible builds?
this :)