"F-Droid, started in 2010, still building on the same CPU" would be our anti-planned obsolescence imaginary campaign motto 😄
Jokes aside, we can't ask you to star https://issuetracker.google.com/issues/438515318 (and have its priority raised) but we can't stop you either. 😉
@fdroidorg We have to put a lot of trust in a couple of systems: the signing server and the production buildserver. That is why they are not easy to upgrade. That provides key benefits down the line, like knowing that the client app will always receive uncompromised files, no matter where it downloads the files from (e.g. verification via the signed index). Thanks for your patience while we work in getting new hardware into our trusted #secure #maintenance setup. 1/2
@fdroidorg #ReproducibleBuilds helps a lot here, that is our long term plan. Then we do not have to trust the buildserver as much. The majority of apps on F-Droid can now be built reproducibly, but many important ones still cannot. So we still need the same setup with high security requirements.
@eighthave @fdroidorg thanks for the reply; yeah that makes sense. Is there a way to support you in that effort, specifically.
@funkylab @fdroidorg we are always looking for qualified help running these secure servers, if you know anyone that might be interested. Also, donations of hosting, hardware and money are always appreciated. https://gitlab.com/fdroid/wiki/-/wikis/Internal/Servers#how-to-donate-servers-andor-hardware
