I'm confused by your latest update @calyxinstitute @calyxos but perhaps I'm missing something.
Doesn't Android allow for there to be an intermediary "bridge" / migration release signed with both old and new keys, if there is no key compromise *and* you folks just pushed an OTA update with the old key?
AFAIK this is how LineageOS does it.
https://calyxos.org/news/2025/08/27/last-ota-update-before-new-calyxos-release/
-
@calyxinstitute @calyxos You could even generate a third keypair and use that for releases after the audit, so that the latest keys were never on a release with the old ones you're concerned about.
This all seems like something to worry about only if the current private key was compromised / exposed and you said that didn't happen.