Bug 503820

Summary: Incorrect Fingerprint for KDE F-Droid Repository
Product: [I don't know] kde Reporter: reportthebug <chris.seiferth>
Component: generalAssignee: Unassigned bugs <unassigned-bugs-null>
Status: REPORTED ---    
Severity: grave CC: carl, nate
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Android   
OS: Other   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description reportthebug 2025-05-06 02:14:43 UTC 
The fingerprint for the KDE F-Droid repository (`https://cdn.kde.org/android/fdroid/repo/`) appears to be incorrect or outdated since some days, causing potential security or trust issues when adding the repository via F-Droid.  

Steps to Reproduce
1. Add the KDE F-Droid repository (`https://cdn.kde.org/android/fdroid/repo/`) to the F-Droid client.  
2. Observe the repository's signing fingerprint during the addition process.  

Expected Behavior
The fingerprint should match the officially listed value:  
`B3EBE10AFA6C5C400379B34473E843D686C61AE6AD33F423C98AF903F056523F`  
(This is confirmed on the KDE Community Android/F-Droid page.)  

Actual Behavior
The fingerprint displayed or detected by F-Droid differs from the expected value, leading to warnings or failures when verifying the repository's authenticity.  

Additional Details
- F-Droid Client Version: 1.22.0
- Repository URL: `https://cdn.kde.org/android/fdroid/repo/`  
- Location of Issue: F-Droid client when adding the repository.
Comment 1 Nate Graham 2025-05-06 15:53:55 UTC 
Carl, do you know who's in charge of this?