Closed chadcurtis closed 7 years ago
vishesh
commented
7 years ago @chadcurtis Those binaries belong to sql-cipher project. It is an open source library, so we can try to remove these binaries and rather use original source to build them. Can be added as gradle task or something.
chadcurtis
commented
7 years ago Thanks @vishesh. Is this something you'd be willing to look into? If so, it would make the process of moving this into F-Droid go more smoothly. Thanks!
vishesh
commented
7 years ago @chadcurtis I would like to, however, I can't do that anytime soon. In other words I'm calling out for help!
@akshatgoel Would you be interested in this?
faruktoptas
commented
7 years ago I removed binary libs with #35 sql-cipher is added with this dependency:
compile 'net.zetetic:android-database-sqlcipher:3.5.6@aar'
vishesh
commented
7 years ago Thanks @faruktoptas!
chadcurtis
commented
7 years ago Thank you for jumping on this so aptly, @faruktoptas.
I have re-submitted SealNote to the F-Droid queue here, but I noticed that they require the author to be notified of this inclusion (and to be supportive of it).
So, this is my notification! Are you fine with SealNote being part of the F-Droid library, @vishesh?
vishesh
commented
7 years ago @chadcurtis Yes I'll be happy to see Sealnote as part of F-Droid library.
faruktoptas
commented
7 years ago I think commons-codec.jar and guava-r09.jar should also be removed.
vishesh
commented
7 years ago @faruktoptas Yes right. Would you like to take a look at this? Or else, I can probably work on it this weekend among other things.
chadcurtis
commented
7 years ago @faruktoptas I've attempted to replace the jars with gradle dependencies in #39.
vishesh
commented
7 years ago Awesome! Merged the changes. Thanks @chadcurtis .
For reference: https://f-droid.org/forums/topic/sealnote/
I was looking into apps that are stuck in the F-Droid submission queue, and wish to see where I could assist to push these processes forward.
It seems that the binary libraries here are the issue in this case, as they are precompiled items that could pose a potential security threat in the eyes of those that appreciate full transparency. I do not know how to proceed, however, so I was hoping you may have insight!