Warrant Canary #52

Open
PF4Public opened this issue Oct 19, 2020 · 0 comments

PF4Public (Owner) commented Oct 19, 2020

This overlay has a number of ebuilds for Gentoo, which are publicly available to anyone. Their integrity is guaranteed by Git VCS.

  • I'm not aware of any modification of the content of this overlay by any third party: neither ongoing, nor in the past
  • I haven't received any information on any modification of the content of this overlay by any third party: neither ongoing, nor in the past

Apart from ordinary ebuilds this overlay provides binary releases of ungoogled-chromium. Their integrity is guaranteed by checksumming after uploading and downloading from GitHub.

  • I certify that binary releases of ungoogled-chromium are compiled from the very ebuilds in this overlay and from the same sources
  • I certify that binary releases of ungoogled-chromium are compiled on systems to which I have complete access and which are under my full control
  • I'm not aware of any modification of the content of binary releases of ungoogled-chromium of this overlay by any third party: neither ongoing, nor in the past
  • I haven't received any information on any modification of binary releases of ungoogled-chromium of this overlay by any third party: neither ongoing, nor in the past

Please let me know if you discover any occasion of modification of either the content of this overlay or the binary releases of this overlay by any third party.

A possible weak point is that checksumming currently happens after a binary release is uploaded to GitHub and downloaded. I doubt GitHub is doing shady things in between, but if this situation troubles you, please inform me (best if you also have a solution to this issue).

Some related ranting: I've just read about an extension, the maintainer of which did sell (or whatever he did to lose control over) it, which had a number of (many?) contributors and users, and most importantly, which concerned privacy, but the most troubling part, in my opinion, is the complete lack of prior notice, transparency or anything alike for end users. That was a terrible course of events, to say the least.
Repository owner locked and limited conversation to collaborators Jan 17, 2022
Repository owner unlocked this conversation Feb 16, 2022