Certificate issue - Githubissues

dgudim / Scheduler

A small app that shows your todo list on your lockscreen

GNU General Public License v3.0

23 stars 2 forks source link

Certificate issue #21

Open IzzySoft opened 7 months ago

IzzySoft commented 7 months ago

A scan (see here for details and background) just revealed the APKs at your releases are signed using a debug key. As that has security implications, may I ask you to please switch to a proper release key, and provide the corresponding APK signed with it? Thanks in advance!

dgudim commented 7 months ago

Hey, thanks for reminding. I know about the debug keys situation and will switch to proper ones once the export/import settings function is working properly.

IzzySoft commented 7 months ago

Thanks! Please give me a ping when the release-key signed APK(s) is/are available, as I then need to pin the new certificate hash here in my repo at that point.

IzzySoft commented 6 months ago

Hi @dgudim, may I kindly ask for an ETA? End of this month, the last debug APK should be gone from my repo, so I ask for orientation here.

dgudim commented 6 months ago

Oh, I am kinda busy with life right now. Can you just leave it in the repos for now please? I'll try to get to it ASAP

IzzySoft commented 6 months ago

I'll try as long as possible. But I cannot prolong that forever – that issue needs to be closed, which can only be done when it's solved. What's needed here is just:

creating a proper release key if you don't have one yet
taking the unsigned APK and sign it with that key
making the resulting APK available here.

If it helps you I can dig up "step by step guides" to creating the key and signing with it. I'm no Android dev, so I don't know that off-hand. If that would help you, let me know what you're using. You can sign with apksigner of course, but IDEs like Android Studio or IntelliJ IDEA have that stuff integrated, so you might prefer a specific path here.

IzzySoft commented 5 months ago

@dgudim last call unfortunately now: end of month remaining "debug APKs" will be removed here. So if we have no proper replacement, that would mean your app "disappearing" from the repo. Can of course be reestablished later, once the APK becomes available – but there will be a gap then.

IzzySoft commented 5 months ago

I've kept it as long as I could, but sadly need to take action now; hope you'll understand that. The app will be gone from my repo with the next sync around 6 pm UTC. Please reach out to me once you have a fixed APK ready, so we can bring it back again. Meanwhile, all the best for you!