Thinking about the possibility for the user to know who built the executable #667

Open
5 tasks done
uazo opened this issue Jan 6, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@uazo
Owner

uazo commented Jan 6, 2024

Preliminary checklist

  • I have read the README
  • I have read the FAQs.
  • I have searched existing issues for my feature request. This is a new issue (NOT a duplicate) and is not related to another issue.
  • I have searched wont fix issues and this request is not among them
  • This is a feature request for the Cromite browser; not the website nor F-Droid nor anything else.

Is your feature request related to privacy?

Yes

Is there a patch available for this feature somewhere?

No

Describe the solution you would like

I would like to encourage home builds and distribution via other means than GitHub.
But I think it lacks the information of who produced the executables, a kind of seal for builds produced by me (for example #621 (comment))

The idea is to allow the user to verify some code shown, for instance in chrome://version, even for desktop versions.
I could sign a file with android tools and allow it to be downloaded for verification even from the desktop.

see also #422

Describe alternatives you have considered

Signing certificates are exorbitantly expensive.

@uazo uazo added the enhancement New feature or request label Jan 6, 2024
@PF4Public

If your intention is to verify the integrity of a file, a simple hash might suffice. If you want authenticity, you could attempt using PGP for that. In that case you need to publish your public key, and then anyone could verify the file against it.

@uazo
Owner Author

uazo commented Jan 6, 2024

> If you want authenticity

Yes, I meant that.

> you could attempt using PGP for that

If I can exploit something already in the chromium repo, it's better. Considering that they sign APKs, I thought you could sign any file, and maybe I can exploit that.

@uazo
Owner Author

uazo commented Jan 7, 2024

I thought about it again; the way I thought about it doesn't make sense. Just take the file and include it in another build.

We would need something online, a site, which has access to a particular API (such as account.google.com).
But I don't like it.

@uazo uazo added need triage I will look into it, I promise! and removed enhancement New feature or request labels Jan 7, 2024
@uazo uazo added enhancement New feature or request and removed need triage I will look into it, I promise! labels Mar 30, 2024
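
The objection in the last comment, next to the hash/signature distinction from the earlier reply, as an added example that is not part of the thread or of Cromite's code: a signed file carried inside the build verifies in any build that copies it, while a detached signature over the executable's digest verifies only for that executable. Ed25519 from Go's standard library stands in for PGP or APK signing here; the `Build` type, the function names and the sample bytes are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Build is a constructed model: executable bytes plus a signed file shipped inside it.
type Build struct{ Code, Seal []byte }

var sealText = []byte("official build") // fixed statement, independent of the binary

// VerifySeal checks the embedded file only; the executable bytes are never an input.
func VerifySeal(pub ed25519.PublicKey, b Build) bool {
	return ed25519.Verify(pub, sealText, b.Seal)
}

// SignArtifact makes a detached signature over the SHA-256 digest of the executable.
func SignArtifact(priv ed25519.PrivateKey, code []byte) []byte {
	digest := sha256.Sum256(code)
	return ed25519.Sign(priv, digest[:])
}

// VerifyArtifact recomputes the digest of the file the user holds and checks it.
func VerifyArtifact(pub ed25519.PublicKey, code, sig []byte) bool {
	digest := sha256.Sum256(code)
	return ed25519.Verify(pub, digest[:], sig)
}

// Demo returns the verification results for two constructed builds.
func Demo() (sealOfficial, sealRebuild, sigOfficial, sigRebuild bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	official := Build{Code: []byte("constructed official executable"), Seal: ed25519.Sign(priv, sealText)}
	// A different build that carries an unchanged copy of the signed file.
	rebuild := Build{Code: []byte("constructed third-party executable"), Seal: official.Seal}
	sig := SignArtifact(priv, official.Code) // published next to the download
	return VerifySeal(pub, official), VerifySeal(pub, rebuild),
		VerifyArtifact(pub, official.Code, sig), VerifyArtifact(pub, rebuild.Code, sig)
}

func main() {
	fmt.Println(Demo()) // true true true false
}
```

The artifact check runs outside the binary being checked, against a public key the user obtained separately.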