this post was submitted on 15 Jul 2023
8 points (78.6% liked)
Ask Android
2211 readers
1 users here now
A place to ask your questions and seek help related to your Android device and the Android ecosystem.
Whether you're looking for app recommendations, phone buying advice, or want to explore rooting and tutorials, this is the place for you!
Rules
- Be descriptive: Help us help you by providing as many details as you can.
- Be patient: You're getting free help from Internet strangers, so you may have to wait for an answer.
- Be helpful: If someone asks you for more information, tell us what you can. If someone asks you for a screenshot, please provide one!
- Be nice: Treat others with respect, even if you don't agree with their advice. Accordingly, you should expect others to be nice to you as well. Report intentionally rude answers.
- No piracy: Sharing or discussing pirated content is strictly prohibited. Do not ask others for a paid app or about how to acquire one.
- No affiliate/marketing links: Posting affiliate links is not allowed.
- No URL shorteners: These can hide the true location of the page and lead people to malicious places.
- No lockscreen bypasses: Please do not comment, link, or assist with bypassing lock screens or factory reset protection.
- No cross-posting: Please take the time to make a proper post instead of cross-posting.
Other Communities
founded 1 year ago
MODERATORS
I think they require that builds happen on their build servers using public source to make sneaking in something unsavory harder. A maintainer can't just say here ship this binary.
Here you can see that they use an automated build system and a means to track what is getting built.
What is your threat model? I would be more worried about those proprietary firmware blobs that you have to use with your hardware irrespective of what ROM you choose. If you're worried about a maintainer sneaking in a back door, I would think that unlikely because it would leave a paper trail.
Yes, I have already been explained here how the build process takes place. Now I understand that it is transparent and open. I didn't know this before and thought maintainer was just putting builds in the repository 🤷 I'm stupid, I know 😁