Unfortunately no
Please rename the thread to "Signal in the Guardian project F-Droid repo" or something like that to avoid confusion, because as you have noticed, it's not available in the main F-Droid repo, just in the third-party repo maintained by the Guardian project
Oh sorry, I misread that
Takes like 2 minutes 😅
There's nothing inherently wrong with Sup, but it's very new and hasn't had the chance to stand the test of time yet. It also has very few users and isn't as intuitive as straightforward as Signal, which is basically just a carbon copy of WhatsApp (UI/UX-wise). Network effect is a very important aspect.
Federated networks aren't easy to explain to users, this is already a huge issue for Mastodon, and it's probably why it hasn't taken over social media.
As other comments here have pointed out, Sup would be a closer alternative to stuff like Facebook Messenger than to WhatsApp. I'd say Signal is still the best option for private and secure instant messaging.
~~Sup~~ Signal = WhatsApp
I know, it even says so in the post:
I just noticed today that Signal (not talking Molly) is now available on F-Droid via the "Guardian" repository.
I think they ship prebuilt binaries, i.e. the exact same ones you find on the Signal website
AFAIK this also applies to Tor Browser, Orbot and other third-party apps distributed by Guardian
Edit: I downloaded the files and manually verified the signatures. They are indeed the exact same files.
Because I didn't really know how to grab an APK from the Guardian F-Droid repo, I used their S3 bucket and downloaded the Signal APK. It's named Signal-Android-website-prod-universal-release-7.30.2.apk, which is the exact same file name as the one of the APK you can get from the Signal website.
I then used keytool to print the signature certificate fingerprint: (renamed the files to make it less confusing)
keytool -printcert -jarfile signal-website.apk
Signer #1:
Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3
keytool -printcert -jarfile signal-guardian.apk
Signer #1:
Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3
The fingerprints are identical.
Another edit: I just noticed that Signal even has official instructions for checking the signature on their APK download page. They use apksigner instead of keytool, but it's basically the same process.
It's probably not an official thing. F-Droid can't distribute apps in the official repo via their own policy if the developer doesn't agree. Third-party repos like Guardian can.
Yeah and I love it but this is still very tech niche and looking for an instant messaging solution.
I remember having used Blink a few years ago. If you want a full Linux environment on the iPad, you can also check out iSH. It obviously also allows you to use SSH.