ProtonMail / WebClients

Monorepo hosting the proton web clients
GNU General Public License v3.0

F-Droid request #357

Open ghost opened 1 year ago

ghost commented 1 year ago

Hi!

Can you please publish your app on F-Droid officially? Or at least make your own F-Droid repo like Tor did (link)?

F-Droid allows custom keys (more info)

RokeJulianLockhart commented 9 months ago

https://github.com/ProtonMail/WebClients/issues/357#issue-2000605570

@ghost, are you aware that https://github.com/ProtonMail/WebClients/issues is for https://github.com/ProtonMail/WebClients solely? Shame that there's no issue section at https://github.com/ProtonMail/proton-mail-android. Regardless, I agree.

geekley commented 4 months ago

Firstly, thanks for adding Pass and VPN on F-Droid. Please also add all others, like the Mail app (at least after #359).

It needs to be on the main F-Droid repo, as it guarantees builds are reproducible. Otherwise, there is no point really, as users without Play Store can already install something like Obtainium to update from GitHub releases directly.

I highly suggest you use the same signing key for the APK as the one in GitHub releases, for best compatibility (i.e. build it yourself instead of letting it be built and signed by F-Droid). See https://f-droid.org/en/docs/FAQ_-_App_Developers/#can-apks-signed-by-my-key-be-included. This can be done for the existing apps too (Pass, VPN, SimpleLogin).

So, for this, the developer's builds need to be provably reproducible. A first step, if I'm not mistaken, could be through GitHub artifact attestations, which can be used to prove it's reproducible even before it's added to F-Droid, potentially facilitating the process (FairEmail recently did this, it seems).
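
The reproducibility requirement discussed in the last comment, as an added example that is not part of the thread and is not Proton's or F-Droid's code: a developer-signed APK and an independent rebuild should differ only in their signature material. This simplified Python check compares ZIP entry contents while skipping the JAR (v1) signature files under `META-INF/`; it does not inspect the APK Signing Block (v2 and later), which sits outside the ZIP entries. The function names and sample archives are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# JAR (v1) signing files; these legitimately differ between signers.
V1_SIG = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def payload_digests(apk_bytes):
    """Map each non-signature ZIP entry name to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if V1_SIG.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests


def differing_entries(apk_a, apk_b):
    """Sorted entry names that are missing on one side or differ in content."""
    a, b = payload_digests(apk_a), payload_digests(apk_b)
    return sorted(name for name in a.keys() | b.keys() if a.get(name) != b.get(name))


def make_sample_apk(entries):
    """Constructed sample: an in-memory ZIP standing in for a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed inputs: same payload, different signing state.
COMMON = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-035 code"}
SIGNATURE = {"META-INF/MANIFEST.MF": b"m", "META-INF/CERT.SF": b"s",
             "META-INF/CERT.RSA": b"developer signature"}
DEVELOPER_APK = make_sample_apk({**COMMON, **SIGNATURE})
REBUILT_APK = make_sample_apk(COMMON)  # unsigned independent rebuild
MODIFIED_APK = make_sample_apk({**COMMON, "classes.dex": b"dex-035 other",
                                "assets/extra.bin": b"x"})

if __name__ == "__main__":
    print("rebuild diff:", differing_entries(DEVELOPER_APK, REBUILT_APK))
    print("modified diff:", differing_entries(DEVELOPER_APK, MODIFIED_APK))
```

An empty list means the rebuild matches the developer's APK apart from v1 signature files; any listed entry is a file that was added, removed, or changed.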