Email or username:

Password:

Forgot your password?
Top-level
Sylvia

@fdroidorg For context: github.com/mastodon/mastodon-a

tl;dr: Mastodon added an in-app updater that would move users from the F-Droid version to the GitHub version and was unwilling to provide an .apk file for a version with the updater either disabled or with a note added explaining users that if they used it they would start getting their updates from them directly instead of from F-Droid. And without an .apk file from the developers to compare to, reproducible builds are simply not possible.

12 comments
luna

@SylvieLorxu @fdroidorg FUCK IT, time to continue working on that old fork of mine

Samantaz Fox

@SylvieLorxu @fdroidorg how on earth Android apps can come with auto-updaters in the first place?!
I don't think Google would allow that either...

Sylvia

@SamantazFox @fdroidorg in F-Droid reproducible builds the developers provide an .apk file and F-Droid builds an .apk file from the source code and they get compared.

If they match, the .apk file from the developer is used.

One side effect is that in-app updaters because possible. F-Droid has decided that in-app updaters are okay as long as they're opt-in and clearly explain to the user they're changing their primary source of trust.

For more details, see f-droid.org/en/2023/01/15/towa

@SamantazFox @fdroidorg in F-Droid reproducible builds the developers provide an .apk file and F-Droid builds an .apk file from the source code and they get compared.

If they match, the .apk file from the developer is used.

One side effect is that in-app updaters because possible. F-Droid has decided that in-app updaters are okay as long as they're opt-in and clearly explain to the user they're changing their primary source of trust.

Sylvia

@SamantazFox @fdroidorg But you're right that Google doesn't allow this.

The official Mastodon app actually has a special flavour for Google without in-app updater, but the Mastodon team was unwilling to provide .apk files for it (stating that it was too much work to supply that on top of the .aab they build for Google).

And thus, F-Droid was left without an .apk file that was compliant with F-Droid policy. And after a lot of difficulty it was decided to drop reproducible builds, sadly.

Samantaz Fox

@SylvieLorxu @fdroidorg
That sucks :/
Thanks for the detailed answer, though ^^

always tired (moved to chaos)

@SylvieLorxu @SamantazFox @fdroidorg I don't like that. In app updates in more and more apps means yet more redundant code bloat. Let dedicated package managers / app stores do what they're there for

Adam Honse

@project1enigma @SylvieLorxu @SamantazFox @fdroidorg Seriously, in-app updaters are stupid. Let the package manager do its job. Built-in updaters is the shitty outdated Windows way of doing things. If I download a version from your website I want it to stay that way, otherwise I would've downloaded it from a repository with a package manager.

Doomsdayrs :fedora: :matrix:

@SylvieLorxu @fdroidorg #shosetsu has an in app updater that is configured to just open f-droid ;p

Doomsdayrs :fedora: :matrix:

@SylvieLorxu @fdroidorg ehm, correction. The in app updater just gives you the direct download link from the F-Droid server

I forgot why I didn't make it just open the app

DELETED

@SylvieLorxu GitHub is worst, many countries are blocked by GitHub and history of problems. Some one should report this to them.

Go Up