I was wondering what is the overall verification process before adding an architecture to Ubuntu Mate Download page: Choose an architecture | Download
I recently downloaded a GPD hardware optimized distribution and my worry is that it also includes some sort of malware/backdoor/intended vulnerability apart from the tweaks for that particular hardware.
@Wimpy who is a trusted member here published the assembled installation, previously I was under the impression that the people from GPD published the image which I would consider problematic.
Anyway - is there some sort of github repository I can have a look at?
Theoretically, if the script only adds additional files into the squashed filesystem, and you use the exact same version of the tools to run the script, the checksum should match. This isn't a guarantee because there's compression involved (for squashfs)
The other method is to mount & compare the squashfs file system from the regular amd64 ISO, and the gpd ISO to see what has changed. The file is located here:
casper/filesystem.squashfs
Wimpy sometimes does live streams of what he's doing - you can find some on GPD: