Comment by mh- - Hacker Neue

My assumption is they want to eliminate/prevent schemes where a ton of apps are signed as a service by a small number of centrally controlled keys.

Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.

The signing certificate should indicate who is signing, and therefore who is liable. But maybe that’s not how they set it up previously.

This item has no comments currently.