We have launched a trial of shipping the official Signal releases in our F-Droid-compatible repository. We believe we can reliably ship them, using multiple layers of verification on top of the built-in APK signature Signal Foundation ships. This is the same setup that ships Tor Browser. We welcome feedback.
@guardianproject What does the Signal Foundation think about this? Presumably they should welcome this way to avoid Google Surveillance, right?
@pettter We would much prefer if Signal Foundation made Signal available via its own fdroid-compatible repository, and would assist them in getting that setup. Since they have not, we want to ensure that F-Droid users have a trusted and resilient channel for getting initial installs and updates.
@guardianproject How long will the trial last? When would you consider it a success and continue?
@knitter The core goal is to push Signal towards free software, and to make Signal available via channels that users already trust. The ideal outcome would be if Signal Foundation maintained Signal on @fdroidorg via reproducible builds.
That is a great idea.
These are the same APKs that Signal Foundation makes available for direct download. They include the ability to self-update, so even if Signal is no longer included in our repo, it has a built-in update channel.