Today is the first time I had to remove an app from the #IzzySoftRepo for potential security risks: author changed the signing key (happens a lot they lose it, unfortunately) – and instead of explaining what happened, simply deleted the issue where I reported it. So I must assume that repo was either compromised – or the author is not interested in security.
It should be safe to use my repo, so I had to remove that app (the "insecure" APK never went live here thanks to security checks).
IzzyOnDroid ✅ /
npub1g8…jdj6g
2023-09-01 08:09:50
Author Public Key
npub1g8rsgv5dvhrqhz44rma7pslwsky09lh3gp3077kj5249m3xd7wdqdjdj6gPublished at
2023-09-01 08:09:50Event JSON
{
"id": "900c003d85e7345fccf07a65a6bb83a72ab42ffc8af3b7835023eb7369e60f42",
"pubkey": "41c704328d65c60b8ab51efbe0c3ee8588f2fef14062ff7ad2a2aa5dc4cdf39a",
"created_at": 1693555790,
"kind": 1,
"tags": [
[
"t",
"IzzySoftRepo"
],
[
"proxy",
"https://floss.social/users/IzzyOnDroid/statuses/110988872309395031",
"activitypub"
]
],
"content": "Today is the first time I had to remove an app from the #IzzySoftRepo for potential security risks: author changed the signing key (happens a lot they lose it, unfortunately) – and instead of explaining what happened, simply deleted the issue where I reported it. So I must assume that repo was either compromised – or the author is not interested in security.\n\nIt should be safe to use my repo, so I had to remove that app (the \"insecure\" APK never went live here thanks to security checks).",
"sig": "bdad008a3c28c036ce416be34e0b25e29f56569427ccbec81b89c9c3b4462fed5a762ee0527ce3362e5a4bc1b931532a7b83add8fcdabff49ef1b75a615bed75"
}