Release FOSS Version to GitHub Releases

tasks / tasks

Bringing Astrid Tasks back from the dead

http://tasks.org

GNU General Public License v3.0

3.35k stars 491 forks source link

Release FOSS Version to GitHub Releases #2040

Open MatsG23 opened 1 year ago

MatsG23 commented 1 year ago

It would be great if APKs could be released alongside the source for each release for people who don't want to get their apps through an app store. F-Droid has its own issues and is the only source for the FOSS version of your app.

dariaGirl commented 1 year ago

Second.

RokeJulianLockhart commented 1 year ago

https://github.com/tasks/tasks/issues/2040#issue-1433525937

I don't really understand this. How is merely acquiring it from https://f-droid.org/packages/org.tasks/ somehow inferior?

MatsG23 commented 1 year ago

I don't really understand this. How is merely acquiring it from https://f-droid.org/packages/org.tasks/ somehow inferior?

Never heard about it? You can, for example, read about security issues with F-Droid in this article. One big issue is that F-Droid builds all the apps and sign them with one F-Droid signing key. You must trust F-Droid fully that they are not compromised or add code (not that I would accuse them off). This is one single point of failure and it makes the idea of developer signing keys pretty useless.

ccoenen commented 1 year ago

three quarters of that article don't really apply here. And the remaining part boils down to "reproducible builds would be preferable".

I agree, they would. Would this solve your immediate concern? Because that is a request that I would also add my voice to.

dmp1ce commented 1 year ago

Reproducible builds would be great but for me I'm interested in getting an APK from Github which is signed by the Tasks developers.

ccoenen commented 1 year ago

Reproducible builds would mean that F-Droid also delivers the developer-signed apks. They would only additionally verify that they get the same result. On F-Droid you can also just download an apk from the website without using their app.

dmp1ce commented 1 year ago

I see. Yeah, a reproducible build which is published on F-Droid would be fine with me. Why not also post the APK here on Github if it is the same? I don't know how to tell if the F-Droid version is signed by F-Droid or not unless I manually check it. I guess if I reinstall Tasks, Android should let me know if the key has changed.

Jerroder commented 8 months ago

It'd be great to have APKs available. I'd like to get them with Obtainium without relying on f-droid's repo and their builds and keys.

RokeJulianLockhart commented 8 months ago

https://github.com/tasks/tasks/issues/2040#issuecomment-1364029519

@rderensy, regarding reproducible builds, I've made an issue at https://github.com/tasks/tasks/issues/2577#issue-1949721627 because I didn't see one already.

Fmstrat commented 3 months ago

I'm for builds downloadable on GitHub. 3 reasons:

Using app managers like Obtainium
No middleman
Most annoyingly: Google Play is at 13.7, FDroid is at 13.6. GP constantly wants to update because my device is behind. FDroid updates way too slow.

Edit: For that matter, it's a simple GitHub Action, not sure why anyone would debate not making something more accessible. Just because one person likes something one way, doesn't mean everyone does. Software for everyone, please.

AtmosphericIgnition commented 1 month ago

This is currently the only app on my phone that prevents me from completely ditching F-Droid for Obtainium, I'm not a developer, but from the above conversation it sounds like automating the .apk build for each release isn't very hard to do through GitHub.

Jerroder commented 1 month ago

FWIW you can use f-droid as a source in Obtainium, but having the apk from the dev would be better.

AtmosphericIgnition commented 1 month ago

I was aware of that option, but the main reason I use Obtainium is the improved security and speed of updates.