Email or username:

Password:

Forgot your password?
F-Droid's posts Post Back to profile
Top-level
Sylvia

@SamantazFox @fdroidorg in F-Droid reproducible builds the developers provide an .apk file and F-Droid builds an .apk file from the source code and they get compared.

If they match, the .apk file from the developer is used.

One side effect is that in-app updaters because possible. F-Droid has decided that in-app updaters are okay as long as they're opt-in and clearly explain to the user they're changing their primary source of trust.

For more details, see f-droid.org/en/2023/01/15/towa

8 May 2023 at 18:10 | Wall-to-wall | Open on chaos.social
4 comments
Sylvia

@SamantazFox @fdroidorg But you're right that Google doesn't allow this.

The official Mastodon app actually has a special flavour for Google without in-app updater, but the Mastodon team was unwilling to provide .apk files for it (stating that it was too much work to supply that on top of the .aab they build for Google).

And thus, F-Droid was left without an .apk file that was compliant with F-Droid policy. And after a lot of difficulty it was decided to drop reproducible builds, sadly.

8 May 2023 at 18:12 | Open on chaos.social
Samantaz Fox

@SylvieLorxu @fdroidorg
That sucks :/
Thanks for the detailed answer, though ^^

8 May 2023 at 18:23 | Open on infosec.exchange
always tired (moved to chaos)

@SylvieLorxu @SamantazFox @fdroidorg I don't like that. In app updates in more and more apps means yet more redundant code bloat. Let dedicated package managers / app stores do what they're there for

8 May 2023 at 22:55 | Open on wandering.shop
Adam Honse

@project1enigma @SylvieLorxu @SamantazFox @fdroidorg Seriously, in-app updaters are stupid. Let the package manager do its job. Built-in updaters is the shitty outdated Windows way of doing things. If I download a version from your website I want it to stay that way, otherwise I would've downloaded it from a repository with a package manager.

8 May 2023 at 23:06 | Open on mastodon.social
Go Up