Project *Core Apps » Bazaar » ChatSecure:Android » KeySync » Orbot » Orfox Private Browser » Orweb » Secure ReaderCacheWordIOCipherNetCipherPanicTrusted Intents » CheckeyLibreoSpideyStoryMaker™SecureSmartCam » CameraV (InformaCam Project) » ObscuraCam
I just had an idea about how to streamline the experience of connecting to a local repo that is using HTTPS://. If part of the advertised info (like fingerprint, bssid, etc. in the URL, QR Code, etc) was the SPKI info needed by MTM/AndroidPinning, then perhaps there is a way to add that info before connecting via HTTPS:// so that there is no certificate warning at all, or even a TOFU "Accept/Once/Never" dialog. The key to making this work is somehow associating the fdroid signing key cert with the SPKI info, so we can use the fdroid certificate as the canonical unique ID for a repo.
Basically, the "Add Repo" dialog becomes the one dialog for TOFUing both the repo's signing key and its HTTPS certificate.
<< me >>carriestienshansn8fr8pd0xpserwylorosavitriolixAnonymous
Integrate Kerplapp into FDroid
new unified Downloader infrastructure
convert FDroid to appcompat-v7
implement swap UI
integrated audit and user-generated data
swap repos with Bluetooth and Bonjour
Estimated time Hours
% Done0 %
(Maximum size: 195 MB)