[guardian-dev] What to do about Android "master key" bug

[Richard]

On Fri, Jul 05, 2013 at 08:04:50AM -0400, Nathan of Guardian wrote:

> 
> With F-Droid, we do use a signed repo, but not sure if that helps in
> this context.

f-droid clients should check apk hashes in addition to signatures so it 
would certainly help in some situations.


Richard

---
Name and OpenPGP keys available from pgp key servers