{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiew3vvljiyggiiyrqttd6dg7g72ahhwwnreeww2vbolnuqtog22a4",
    "uri": "at://did:plc:34cg4tn4iwemk3v5k3n3adwf/app.bsky.feed.post/3mjdtidmfquq2"
  },
  "path": "/t/add-information-about-who-built-the-source-code-and-signatures-and-reproducibility/34271#post_3",
  "publishedAt": "2026-04-11T18:49:49.000Z",
  "site": "https://forum.f-droid.org",
  "tags": [
    "verification.f-droid.org",
    "sing-box Reproducibility Status"
  ],
  "textContent": "Licaon_Kter:\n\n> No, it’s not possible, F-Droid always builds, for its own repo.\n\nlook at the reproducibility status of versions\n\nverification.f-droid.org\n\n### sing-box Reproducibility Status\n\nVersions 1.12.20 (616) and 1.12.14 (595) have not passed the reproducibility test, but they were published on the website and they are not signed by the f-droid developer. I don’t want to install such versions because there may be backdoors inside that were made by the app developer, and the f-droid company published possible malware. We need more information about the verification and who signed the application. The latest versions sing-box have not been tested for reproducibility at all over the last 2 months.",
  "title": "Add information about who built the source code and signatures and reproducibility"
}