Apps can be distributed using the <a href="https://f-droid.org/en/docs/Reproducible_Builds">developer’s own</a> signatures when the builds are fully reproducible.</li>
<li>By default, the “publish” server will generate and manage a signing key for each individual app. These signing keys are only shared between apps when specifically configured to do so using the <a href="https://gitlab.com/fdroid/fdroidserver/-/blob/886394c9a4909/examples/config.yml#L156"><em>keyaliases</em></a> mechanism in <em>config.yml</em>.</li>
<li>All apps are signed by <a href="https://gitlab.com/fdroid/fdroidserver/-/blob/2.1.2/fdroidserver/publish.py#L420">the key devoted to that app</a> unless the upstream <a href="https://gitlab.com/fdroid/fdroiddata/-/merge_requests/10240">specifically</a> requests that multiple apps be signed by the same key, and the <em>fdroiddata</em> maintainers approve it.</li>
<li>For <em>f-droid.org</em>, all app signing is done on a dedicated, air-gapped, offline machine.</li>
<li>At any time, the developer’s own signatures may be added to their app(s) in <em>f-droid.org</em> once reproducible builds have been achieved. Additionally, releases signed by the <em>f-droid.org</em> key will continue to be shipped.</li>
<li>In the official F-Droid client app, the developer’s own signature is the default for fresh installs.</li>
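<p>Added example (not fdroidserver’s own code): a small Python audit that resolves each app’s keystore alias the way I read <em>publish.py</em> doing it (the first 8 hex characters of md5(appid) by default; a <em>keyaliases</em> value starting with <code>@</code> reuses another app’s alias; any other value is used literally) and then reports every key shared by more than one app, so that sharing can be checked against the explicitly approved requests. The app ids, mapping and approved list below are constructed for illustration.</p>

```python
import hashlib
from collections import defaultdict

# Constructed sample: the keyaliases mapping as it would appear in an
# fdroidserver config.yml (hypothetical app ids, not real apps).
KEYALIASES = {
    "org.example.app2": "@org.example.app",  # reuse org.example.app's key
    "org.example.legacy": "legacykey",       # literal keystore alias
}
APPS = ["org.example.app", "org.example.app2",
        "org.example.legacy", "org.example.solo"]


def key_alias(appid, keyaliases):
    """Resolve the keystore alias for appid (assumed rule, mirroring my reading
    of fdroidserver's publish.py): default is md5(appid)[:8]; a keyaliases
    entry overrides it, and '@other.app' maps to other.app's default alias."""
    override = keyaliases.get(appid)
    if override is None:
        return hashlib.md5(appid.encode()).hexdigest()[:8]
    if override.startswith("@"):
        return hashlib.md5(override[1:].encode()).hexdigest()[:8]
    return override


def shared_key_groups(appids, keyaliases):
    """Return {alias: [appids]} for every alias used by more than one app.
    Every group here should correspond to an explicit, approved request."""
    by_alias = defaultdict(list)
    for appid in appids:
        by_alias[key_alias(appid, keyaliases)].append(appid)
    return {alias: ids for alias, ids in by_alias.items() if len(ids) > 1}


def unapproved_sharing(appids, keyaliases, approved_groups):
    """Key-sharing groups that do not match an approved set of app ids."""
    approved = [set(group) for group in approved_groups]
    return {alias: ids for alias, ids in shared_key_groups(appids, keyaliases).items()
            if set(ids) not in approved}


if __name__ == "__main__":
    # Constructed approval list: only the app/app2 pairing has been approved.
    approved = [["org.example.app", "org.example.app2"]]
    for alias, ids in shared_key_groups(APPS, KEYALIASES).items():
        print(f"alias {alias} shared by: {', '.join(ids)}")
    print("unapproved sharing:", unapproved_sharing(APPS, KEYALIASES, approved))
```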