Closed rachellawson closed 4 years ago
As an extension to this, how can you demonstrate or make it possible to verify that the code on the App Store is the code in this repository?
@sihil - apparently the correct way to verify open source iOS apps is "reproducible builds" which, as the original issue requests, would require up to date source code. Telegram does this: https://core.telegram.org/reproducible-builds
The most recent commit to this project was over a month ago - will we get to see the actual code that the app is running?
I'm not an iOS developer, but could this be due to the time it takes to go through the review process with the App Store?
My guess is that because of the nature of the app they would be given priority review slots.
No - they can commit the code to GitHub any time they want. There may be a delay whilst the public code is 'sanitised' of any internal references but it shouldn't take this long.
Thanks for your interest in the NHS Covid-19 project. We endeavour to release the code publicly on GitHub when we publish a new version to the App Store. The iOS app was Generally Available on 24th September, and this is when the source code for the app was published. Reproducible builds are a bit tricky on iOS for the reasons given in the Telegram link; however, the code here is absolutely intended to be a faithful copy of the source code of the app on the App Store, except for any deployment-specific configuration or secrets. We intend to follow the open source guidelines at https://www.gov.uk/government/publications/open-source-guidance - the application configuration code is available at https://github.com/nhsx/covid19-app-system-public
The code here appears to match the release from the 24th but there was a second release on the 25th.
Is that code here? How can we tell?
Yes, @DMBryant, I understand how Git/GitHub works. My question, or rather my consideration, was - could the code have been the most recent iteration representative of the published app, but the apparent delay was because of the time it takes to get through the App Store review? If, as @cooperj suggests, they get priority reviews, then this may not be relevant?
As @paulchambers highlights, however, there was a second release shipped on the 25th that may perhaps not have been represented here at the time? Though, there appear to have been a number of changes pushed since then.