Open MatsG23 opened 1 year ago
Second.
I don't really understand this. How is merely acquiring it from https://f-droid.org/packages/org.tasks/ somehow inferior?
I don't really understand this. How is merely acquiring it from https://f-droid.org/packages/org.tasks/ somehow inferior?
Never heard about it? You can, for example, read about security issues with F-Droid in this article. One big issue is that F-Droid builds all the apps and sign them with one F-Droid signing key. You must trust F-Droid fully that they are not compromised or add code (not that I would accuse them off). This is one single point of failure and it makes the idea of developer signing keys pretty useless.
three quarters of that article don't really apply here. And the remaining part boils down to "reproducible builds would be preferable".
I agree, they would. Would this solve your immediate concern? Because that is a request that I would also add my voice to.
Reproducible builds would be great but for me I'm interested in getting an APK from Github which is signed by the Tasks developers.
Reproducible builds would mean that F-Droid also delivers the developer-signed apks. They would only additionally verify that they get the same result. On F-Droid you can also just download an apk from the website without using their app.
I see. Yeah, a reproducible build which is published on F-Droid would be fine with me. Why not also post the APK here on Github if it is the same? I don't know how to tell if the F-Droid version is signed by F-Droid or not unless I manually check it. I guess if I reinstall Tasks, Android should let me know if the key has changed.
It'd be great to have APKs available. I'd like to get them with Obtainium without relying on f-droid's repo and their builds and keys.
https://github.com/tasks/tasks/issues/2040#issuecomment-1364029519
@rderensy, regarding reproducible builds, I've made an issue at https://github.com/tasks/tasks/issues/2577#issue-1949721627 because I didn't see one already.
I'm for builds downloadable on GitHub. 3 reasons:
Edit: For that matter, it's a simple GitHub Action, not sure why anyone would debate not making something more accessible. Just because one person likes something one way, doesn't mean everyone does. Software for everyone, please.
This is currently the only app on my phone that prevents me from completely ditching F-Droid for Obtainium, I'm not a developer, but from the above conversation it sounds like automating the .apk build for each release isn't very hard to do through GitHub.
FWIW you can use f-droid as a source in Obtainium, but having the apk from the dev would be better.
I was aware of that option, but the main reason I use Obtainium is the improved security and speed of updates.
It would be great if APKs could be released alongside the source for each release for people who don't want to get their apps through an app store. F-Droid has its own issues and is the only source for the FOSS version of your app.