Merge "twrpme: add post regarding unofficial twrp"
diff --git a/_posts/2020-05-01-unofficial-twrp.markdown b/_posts/2020-05-01-unofficial-twrp.markdown
new file mode 100644
index 0000000..52f5fe8
--- /dev/null
+++ b/_posts/2020-05-01-unofficial-twrp.markdown
@@ -0,0 +1,24 @@
+---
+layout: post
+title: "Unofficial TWRP Downloads"
+date: 2020-05-01 10:30:00
+categories: unofficial
+---
+
+It has recently come to our attention that there are sites that publish "unofficial TWRP" images.
+These are versions of TWRP that are being distributed out of our authority based on forks and
+internal unpublished sources from people not associated with our site. Unfortunately we don't
+have a lot of time to police these sites and images. Some are forks of our project that are not
+forwarding back patches to our gerrit site, or they just cherry-pick open commits and release
+them before the patchsets can be vetted and merged to the baseline. Some sites just scrape images
+from our download sites and post them as their own.
+
+We try to pride ourselves on the security and established chain of repudiation by using GPG
+signatures and publishing SHA2 hashes to show the images haven't been modified from the original
+build on our jenkins server. Our jenkins build logs are able to be seen by anyone wanting to verify
+how their image was built. Our sites are using Let's Encrypt for end-to-end TLS encryption. We are
+not serving any pages or images outside of this TLS end-to-end encryption.
+
+We are receiving much community support but unfortunately the aforementioned unofficial versions of
+TWRP can never meet any type of veracity from TeamWin. Please consider your security before
+installing any unofficial TWRP to your device.