Email or username:

Password:

Forgot your password?
F-Droid

We regret to inform you that Mastodon has decided to leave the F-Droid Reproducible Builds project.

Going forward, Mastodon updates on F-Droid will be maintained by the F-Droid team and signed with an unique per-app key generated by F-Droid.

If you installed Mastodon through F-Droid, please uninstall and reinstall it to keep receiving updates.

104 comments
DELETED

@fdroidorg e-z, don't use their app, there's better ones out there.

💾🪠

@fdroidorg sounds like the Mastodon official app is well on its way to becoming closed source

💾🪠

@fdroidorg FYI to arguebots out there, I don't have any insider knowledge, this is just my opinionated reaction to an open source project taking action to disable automated reproducible builds. They must have plans for their build to change in such a way that it can no longer be reproducible. Presumably this means incorporating some closed source into it.

They could just be adding google sign-in into the app 🤷‍♀️

Cliff

@Bitplumber @louis Before you respond with things like this, please do your research so you don't look quite so silly. The app is moving to a built-in updater system. Nothing to do with closed source as you so quickly assumed. Like come on!

People just "summarizing" yet really they are just "making stuff up" because that is NOT what was said in any way.

Please stop spreading false information. You're only confusing EVERYONE.

Sylvia

@fdroidorg For context: github.com/mastodon/mastodon-a

tl;dr: Mastodon added an in-app updater that would move users from the F-Droid version to the GitHub version and was unwilling to provide an .apk file for a version with the updater either disabled or with a note added explaining users that if they used it they would start getting their updates from them directly instead of from F-Droid. And without an .apk file from the developers to compare to, reproducible builds are simply not possible.

@fdroidorg For context: github.com/mastodon/mastodon-a

tl;dr: Mastodon added an in-app updater that would move users from the F-Droid version to the GitHub version and was unwilling to provide an .apk file for a version with the updater either disabled or with a note added explaining users that if they used it they would start getting their updates from them directly instead of from F-Droid. And without an .apk file from the developers to compare to, reproducible builds are...

luna

@SylvieLorxu @fdroidorg FUCK IT, time to continue working on that old fork of mine

Samantaz Fox

@SylvieLorxu @fdroidorg how on earth Android apps can come with auto-updaters in the first place?!
I don't think Google would allow that either...

Sylvia

@SamantazFox @fdroidorg in F-Droid reproducible builds the developers provide an .apk file and F-Droid builds an .apk file from the source code and they get compared.

If they match, the .apk file from the developer is used.

One side effect is that in-app updaters because possible. F-Droid has decided that in-app updaters are okay as long as they're opt-in and clearly explain to the user they're changing their primary source of trust.

For more details, see f-droid.org/en/2023/01/15/towa

@SamantazFox @fdroidorg in F-Droid reproducible builds the developers provide an .apk file and F-Droid builds an .apk file from the source code and they get compared.

If they match, the .apk file from the developer is used.

One side effect is that in-app updaters because possible. F-Droid has decided that in-app updaters are okay as long as they're opt-in and clearly explain to the user they're changing their primary source of trust.

Sylvia

@SamantazFox @fdroidorg But you're right that Google doesn't allow this.

The official Mastodon app actually has a special flavour for Google without in-app updater, but the Mastodon team was unwilling to provide .apk files for it (stating that it was too much work to supply that on top of the .aab they build for Google).

And thus, F-Droid was left without an .apk file that was compliant with F-Droid policy. And after a lot of difficulty it was decided to drop reproducible builds, sadly.

Samantaz Fox

@SylvieLorxu @fdroidorg
That sucks :/
Thanks for the detailed answer, though ^^

always tired (moved to chaos)

@SylvieLorxu @SamantazFox @fdroidorg I don't like that. In app updates in more and more apps means yet more redundant code bloat. Let dedicated package managers / app stores do what they're there for

Adam Honse

@project1enigma @SylvieLorxu @SamantazFox @fdroidorg Seriously, in-app updaters are stupid. Let the package manager do its job. Built-in updaters is the shitty outdated Windows way of doing things. If I download a version from your website I want it to stay that way, otherwise I would've downloaded it from a repository with a package manager.

Doomsdayrs :fedora: :matrix:

@SylvieLorxu @fdroidorg #shosetsu has an in app updater that is configured to just open f-droid ;p

Doomsdayrs :fedora: :matrix:

@SylvieLorxu @fdroidorg ehm, correction. The in app updater just gives you the direct download link from the F-Droid server

I forgot why I didn't make it just open the app

DELETED

@SylvieLorxu GitHub is worst, many countries are blocked by GitHub and history of problems. Some one should report this to them.

Nordnick :verified:

@fdroidorg

Good to know.

Now i know, why #MfA 1.1.3 and 1.2.2 use different signatures.

Anyway just for testing...

... this toot was touched with #Tusky.

Rapha3l

@fdroidorg @mho
The more I can use the F-Droid App-Store, the lesser I depend on the Google App-Store!

Jele

@fdroidorg
What a mess. Whats wrong with the developers there?

DELETED

@jele @fdroidorg They start to extract value out of the Mastodon brand and begin to isolate from the Fediverse.

Unfortunately, thanks to the media, the public perception has come to equate "Mastodon" with the Fediverse. Eugen, as CEO of Mastodon Corporation, has understood this very well and is now implementing his strategy of going it alone. Just yesterday I read on the Discord server how he talked about the fact that instances that do not belong to the super big ones should better be operated in isolation. Heard correctly!

@jele @fdroidorg They start to extract value out of the Mastodon brand and begin to isolate from the Fediverse.

Unfortunately, thanks to the media, the public perception has come to equate "Mastodon" with the Fediverse. Eugen, as CEO of Mastodon Corporation, has understood this very well and is now implementing his strategy of going it alone. Just yesterday I read on the Discord server how he talked about the fact that instances that do not belong to the super big ones should better be operated in...

radioactivestardust

@louis @jele @fdroidorg
I would be very happy about a source as in screenshot of said discord chat, because i would not give much about hearsay.

radioactivestardust

@louis Well, sadly the link lead to nowhere, so i recommend adding a screenshot.
Secondly, i cannot read out of that sentence, what you read into it.

i have no clue about the F-droid issue, i hope Mastodon as cooperation could explain that at some point. However, all he said was that there is a clash between old and new users. That decentralisation helps closing communities and Twitter users do have different expectations on social media.

DELETED

@bookstardust Here is a screenshot of this particular message. But it is only one of many such statements recently made bei Eugen and the direction they take, regarding the iOS onboarding or the withdrawal from reproducible build on F-Droid, is consistent with that.

He made that very clear in this interview:

"[...], so for that reason, we have historically been trying to promote a healthy distribution of people across these different servers. However, I’ve learned over the years that there is no replacement for having a default, right? I’m sure you realize."

theverge.com/23658648/mastodon

@bookstardust Here is a screenshot of this particular message. But it is only one of many such statements recently made bei Eugen and the direction they take, regarding the iOS onboarding or the withdrawal from reproducible build on F-Droid, is consistent with that.

He made that very clear in this interview:

radioactivestardust

@louis 1. We are only talking about the official Mastodon app (which no one uses)
2. we are only talking about new users, trying to onboard to mastodon.
3. it is VERY complicated, for users with no technical background who are trained to make an account on whatever is currently "in". (Example: you use Tiktok, you go get app, you make account, you in).
Like how did you learn which browser to use or which Email account? Was it conscious choice? Is he not right that experience said to simplyfy?

DELETED

@bookstardust Firstly, it's not accurate to say that "no one uses" the official Mastodon app. In fact, new users prefer to use the official app because it is "official" and carries the Mastodon brand. You yourself say: "you go get app, you make account, you in". That's exactly the behavior Mastodon Corporation is counting on to lock in new users to mastodon.social. And moving accounts between server is still difficult and you loose all your content.

Secondly, while Mastodon onboarding may have a steeper learning curve compared to some social media platforms, I disagree that it's "VERY complicated." Freedom often comes with the burden of choice and Mastodon got successful despite users having to choose an instance in the first place. You made your way to the Fediverse, didn't you?

Moreover, who said that Mastodon must compete with Twitter or Tiktok in the first place? That is a narrative that was formed by Eugen himself. Who wants Mastodon to be a copy of one of the big social media platforms.

Finally, while it's true that some users may be hesitant to try a new platform, I don't think that's a reason to simplify Mastodon. Rather, I believe that offering users more choice and diversity in social media options is actually a good thing. We can teach the public that participation in social media is not synonymous with subservience to a single U.S. tech company.

@bookstardust Firstly, it's not accurate to say that "no one uses" the official Mastodon app. In fact, new users prefer to use the official app because it is "official" and carries the Mastodon brand. You yourself say: "you go get app, you make account, you in". That's exactly the behavior Mastodon Corporation is counting on to lock in new users to mastodon.social. And moving accounts between server is still difficult and you loose all your content.

Nathan A. Stine

@louis @jele @fdroidorg i am on the Discord server and must have missed that. What channel and time is the message on?

Nathan A. Stine

@louis i find that to be a poor summarization of what he said. He said that the mid-sized instances are generally not good for random people who want a "Twitter" experience. They are good for "whatever community wants to use them to be isolated amongst themselves."

I've been disappointed with Eugen on several issues, but he didn't say anything about how non-large instances should be isolated from others.

Artificial Stupidity

@jele, classic “enshittification” in progress, just started @fdroidorg

Greenpete (No Flag)

@fdroidorg Along with their approach to on-boarding, this isn't making them look too good.
Maybe @Tusky is a better bet, that app doesn't have 'anti-features like the official app...

lerothas

@fdroidorg I just recently saw their app on f-droid. But since I'm very happy with @Tusky ,I had no reason to install it. I'm glad I haven't done it.

Nikuraſu

@fdroidorg If you installed Mastodn through F-Droid, please use at least a fork of it like @megalodon or @moshidon

loutre :verified: :verified:

@fdroidorg i was starting to freak out, and then i remember i don't even use it lol

Diego

@fdroidorg I guess this doesn't affect @Tusky Correct?

Ich denke, das betrifft nicht #Tusky. Richtig?

Sylvia

@dwrweb @fdroidorg @Tusky Tusky was added to F-Droid before F-Droid started spending more resources on reproducible builds.

Because introducing reproducible builds is way easier for new apps than existing apps (due to the key changes), Tusky has never been built reproducibly.

That is not to say that Tusky is insecure, just that F-Droid doesn't ships an .apk they build instead of a confirmed-to-be-correct .apk from the Tusky developers.

See f-droid.org/en/2023/01/15/towa for more details.

@dwrweb @fdroidorg @Tusky Tusky was added to F-Droid before F-Droid started spending more resources on reproducible builds.

Because introducing reproducible builds is way easier for new apps than existing apps (due to the key changes), Tusky has never been built reproducibly.

That is not to say that Tusky is insecure, just that F-Droid doesn't ships an .apk they build instead of a confirmed-to-be-correct .apk from the Tusky developers.

Sylvia

@dwrweb @fdroidorg @Tusky So, only the official Mastodon app changed signature and needs a re-install. Tusky is still on the same signature as day one and updates will keep arriving with no user action needed.

Niku

@fdroidorg If you installed Mastodon through F-Droid, please uninstall and use at least a fork of it like @megalodon or @moshidon

j.r

@sergiofdezsaez @fdroidorg which is not even in the main F-Droid repo :(

Megalodon 🏳️‍⚧️

@jr @sergiofdezsaez @fdroidorg if someone throws the missing steps at me, i might as well see if i can follow them as i'd love to have megalodon listed on f-droid - but i don't have the capacities to figure this out myself at the moment

mrscientific

@fdroidorg
That's unfortunate. I can understand if it was like this to begin with, but removing this after it was implemented is a bit iffy to me. I personally am changing my client to Tusky. Not because I fear that Mastodon will go proprietary, but mostly because I'll have relogin anyway, may as well try something else.

Serlwch ✨

@mrscientific@mastodon.social @fdroidorg@floss.social

Fedilab is also very nice; if you are trying new apps anyway you might want to give it a try 🙂

Mighty Murder Mittens

@fdroidorg Mastodon is better off as a universal web app anyway.

citc
"universal web app"???
Once upon a time, known as a w3c compliant web site, for true accessibility to all...
Friedhof der Kuschelbiere

@fdroidorg
That does affect the official App, right? Alternate clients like Fedilab aren't affected?
@mtz767

Serlwch ✨

@fdroidorg@floss.social

This kind of behaviour — as well as questionable things with mastodon.social and
#Mastodon in general — is a reminder that a Mastodon™-based monoculture is detrimental to the health #Fediverse as a whole. Use any of the multitude of apps, instances and software that make the Fediverse, not just the official Mastodon app + mastodon.social + Mastodon trinity… ☘️

Jamian

@fdroidorg Eh ben je suis content d'avoir opté pour @Tusky du coup :-)

( Well, I'm glad I chose Tusky then :-) )

nichu42

@fdroidorg
I'm wondering why anyone who is capable of using F-Droid would want to use the "official" Mastodon app.

joene 🏴🍉🌲

@fdroidorg Fortunately there are some very good forks, like Moshidon.

ɟloʍ

The so called "official App" is crap anyway ;-)
You will find good and open source Fediclients on @fdroidorg that are way better:
f-droid.org/packages/fr.gouv.e

f-droid.org/packages/com.keyle

Also consider to choose another nice server software without all the restrictions that Masto comes with!
Fedi ≠ Masto

Yvon Hawke ☑️
This decision may have been a *BIG* mistake on their part.

@fdroidorg @mastodon
Queenero89

@fdroidorg Da que pensar este tipo de decisiones.

Asturel :verified:

@Queenero89 @fdroidorg Buff, qué movimiento más raro y más opaco no? :anime_toradora:

Rob Bos

@fdroidorg I'd say they should ditch the official client anyway and let them focus on the server software. Their team can afford to specialize now that the ecosystem has exploded with alternative clients.

Rara

@fdroidorg to the people that will see this post, this is not inherently bad. This is simply Mastodon moving from app updates in F-Droid to an in-app updater, which is against F-Droid’s inclusion policy.

It’s a very minor difference of opinion, not an indication that Mastodon will become closed source. This has never been so much as implied by the Mastodon team.

j.r

@raracool @fdroidorg what worries me more, is that Mastodon does not seem to really care about F-Droid users at all. Although multiple people from the F-Droid team recommended them to communicate the necessary manual update steps it seems like they don't care...

ekes

@raracool @fdroidorg

Considering the way grishka & Co. argue about reproducible builds, it seems to be more of a matter with their competence.

Besides, you aren't making any friends by dropping F-Droid - for an in-app updater at that.

Geku

@#fdroidorg@#floss.#social
# deepl

Wir bedauern, Ihnen mitteilen zu müssen, dass Mastodon beschlossen hat, das F-Droid Reproducible Builds Projekt zu verlassen.

Zukünftig werden #MastodonUpdates auf F-Droid vom F-Droid-Team gewartet und mit einem einzigartigen, von F-Droid generierten Schlüssel pro #App signiert.

Wenn Sie #Mastodon über #FDroid installiert haben, #deinstallieren Sie es bitte und installieren Sie es neu, um weiterhin #Updates zu erhalten.

@#fdroidorg@#floss.#social
# deepl

Wir bedauern, Ihnen mitteilen zu müssen, dass Mastodon beschlossen hat, das F-Droid Reproducible Builds Projekt zu verlassen.

Zukünftig werden #MastodonUpdates auf F-Droid vom F-Droid-Team gewartet und mit einem einzigartigen, von F-Droid generierten Schlüssel pro #App signiert.

qu0th the void

@fdroidorg meh, so what? I ditched fdroid a while ago over security issues. They’re slowly getting there but its still not secure.

Nathan A. Stine

@fdroidorg it's too bad how this went down. I wish @Mastodon would have been easier to work with on this issue.

root.admin🔅

@MadameLasagna

Mastodon and FDroid are no longer working together to ensure both release on FDroid and Play Store are the same copy.

Moving forward, people that download Mastodon from Play Store will have to trust Mastodon are actually using the public source code and vice versa.

@fdroidorg

Dawn Tåke 🌙:sparkletrans:

@fdroidorg
I'd be more miffed if I still used it. I use Tusky and Fedilab depending on the device.

I do wonder at the motivation though. If it's similar to Proton's, or something more heinous.

Eugen Rochko

@fdroidorg We did not leave the F-Droid Reproducible Builds project, because we never entered it in the first place. It was not an active decision by us; F-Droid manages their own app repository and decides which apps go in and how they are built. Our development process results in two artifacts, a AAB build for the Play Store, and an APK build that is published on GitHub, both of which are made from the same 100% open-source, GPL code.

defcon42 (Mirko) :fediverse:

@fdroidorg Wow. I don't use an app for the Fediverse, but spreading lies - and getting caught - will hurt your project. This needs a hell of an explanation or i am done with your store. What a cheap shot, didn't expect this.

Go Up