You're infantilising the users. It's untrusted by Google, but it's trusted by myself. I actually trust the Termux and Kodi devs way more than Google, yet they Google has been blocking their updates.
Note that the term sideloading is exclusively used by mobile OSes. On Windows MacOS and Linux you can install anything.
What I'm talking about is actual trust. Like, there are cryptographic measures taken, certificates involved, code signing, that kind of thing.
You claim that you "can install anything" on Windows, but that is simply false. The system's Driver Signature Enforcement will prohibit the install of unsigned or invalid signatures on device drivers. Windows SmartScreen will also give you trouble by blocking unsigned apps.
So yeah, you can bypass these protective measures and "install whatever you want" ultimately, but it is basically the same process as sideloading on Android, isn't it? Disabling a bunch of protections that are there for your safety?
Your trust, honestly, doesn't mean jack shit. There is cryptographic signing, and certificate authorities, and processes to approve the certificates that authorized developers use. You don't got jack shit with your "trust" of Termux and Kodi. It means nothing to the end-user.
We do not work in "trust me bro" territory when it comes to signing software, anymore. I am sorry/not-sorry to say. It is very important to have a chain of trust that goes up somewhere above "goldenarm @ HN".
Cryptographic trust is a different thing than actual trust. The latter is what makes the world work, the former is a tool people occasionally confuse for the real thing, but actually is mostly opposite to it.
> We do not work in "trust me bro" territory when it comes to signing software, anymore. I am sorry/not-sorry to say. It is very important to have a chain of trust that goes up somewhere above "goldenarm @ HN".
If you so deeply believe in giving up user freedom and delegating control to authority maybe you are at the wrong place here, check the title of this website: "Hacker News"....
The inconvenient fact that bursts this bubble is that installing already is the default term, and it's the emergence of "side loading" which is the anachronistic attempt to redefine the term.
The idea that a precondition for something to count is installing is that it's vetted by a big company is the abberation, and the notion that it's trustworthy is belied by the avalanche of unsafe and privacy violating apps that find their way into the store. F-Droid apps are actually more carefully vetted than Play Store apps, so there goes the trust rationale.
You're infantilising the users. It's untrusted by Google, but it's trusted by myself. I actually trust the Termux and Kodi devs way more than Google, yet they Google has been blocking their updates.
Note that the term sideloading is exclusively used by mobile OSes. On Windows MacOS and Linux you can install anything.
What I'm talking about is actual trust. Like, there are cryptographic measures taken, certificates involved, code signing, that kind of thing.
You claim that you "can install anything" on Windows, but that is simply false. The system's Driver Signature Enforcement will prohibit the install of unsigned or invalid signatures on device drivers. Windows SmartScreen will also give you trouble by blocking unsigned apps.
So yeah, you can bypass these protective measures and "install whatever you want" ultimately, but it is basically the same process as sideloading on Android, isn't it? Disabling a bunch of protections that are there for your safety?
Your trust, honestly, doesn't mean jack shit. There is cryptographic signing, and certificate authorities, and processes to approve the certificates that authorized developers use. You don't got jack shit with your "trust" of Termux and Kodi. It means nothing to the end-user.
We do not work in "trust me bro" territory when it comes to signing software, anymore. I am sorry/not-sorry to say. It is very important to have a chain of trust that goes up somewhere above "goldenarm @ HN".
Cryptographic trust is a different thing than actual trust. The latter is what makes the world work, the former is a tool people occasionally confuse for the real thing, but actually is mostly opposite to it.
3 replies →
> We do not work in "trust me bro" territory when it comes to signing software, anymore. I am sorry/not-sorry to say. It is very important to have a chain of trust that goes up somewhere above "goldenarm @ HN".
If you so deeply believe in giving up user freedom and delegating control to authority maybe you are at the wrong place here, check the title of this website: "Hacker News"....
[dead]
The inconvenient fact that bursts this bubble is that installing already is the default term, and it's the emergence of "side loading" which is the anachronistic attempt to redefine the term.
The idea that a precondition for something to count is installing is that it's vetted by a big company is the abberation, and the notion that it's trustworthy is belied by the avalanche of unsafe and privacy violating apps that find their way into the store. F-Droid apps are actually more carefully vetted than Play Store apps, so there goes the trust rationale.
You're the one muddying the waters.
[flagged]