Three years ago, had a similar kind of attempt as the . A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a . In this case, we managed to catch it before it was merged. Since similar tactics were used, I think its relevant now

The and other actions against app stores are based on the idea that an app store companies should not "self-preference" their own apps or services. This makes sense to a certain degree, especially when thinking about business. Ethical reasons must also be considered. preferences apps based on and Anti-Features, which we as a community define. We should always be allowed to preference apps that follow standards of .

I wish the team would follow repository best practices and stop silently reissuing binary releases under the same name/version. does not allow this, for example. The transparency log shows the newest violation: two version of with the file name, version code, and metadata.

git fsck makes it much harder to attack a git repo, but it seems that the normal git workflow does not enable it by default. In it is enabled for all fetches in our config:

But I still can't find a clear answer about what checks does by default. Anyone know?

I got the opportunity to go to and of course I had my "hat" on. I wrote up some quick impressions of my trip, including what I learned about the 's and

There really are a lot of important projects represented there:

Based on @maarten 's post I think the only people listed in my example that would be at all regulated by the would be the last one: "contracted contributors". It sounds like they might be considered "open source software stewards" with obligations under Article 17a depending on whether the considers F-Droid as "intended for commercial activities"

My guess is /#Ubuntu would be considered commercial while /#Debian would not

Show thread

@roptat thanks for your nice visualization of in apps in it is interesting to see which languages are the most active. If you're interested in more data sources, there are a lot of public data sources:

For example, you might enjoy looking at the most popular search queries with the included language and country data:

After my current understanding of how and affects and anyone who contributes to it:

* F-Droid org makes the "product" so it would be liable
* F-Droid is currently entirely non-commercial, handles no money
* Volunteer contributors are very clearly exempt from all this
* Donation funded contributions are also exempt
* Contracted contributors are helping build the regulated product, so the legal entities of the contractors would not be liable for F-Droid's "product"

At the beginning of 2023, there was a sudden increase in the rate of growth of bandwidth usage on the . I can't think what might have caused such a dramatic, acute event. It is really an elbow. Any ideas?

So I messing around a bit more with stats data from the mirror hosted by @FAU in Germany:

* About 25% of the bandwidth of the mirror is for
* Countries by percentage total bandwidth usage since /fdroid/ was added in 2019:

47.83% Germany
9.04% United States
5.13% China
3.68% Italy
2.69% France
2.55% United Kingdom
2.07% Russia
1.93% Switzerland
1.87% Estonia
1.82% Poland
1.70% Austria
1.40% Netherlands
1.38% Czechia
1.28% Canada


Show thread

is consistently growing in its bandwidth usage over the years, as shown by this stats graph from the mirror. Interesting to see the short downward section when we added new official mirrors in April and November.

Thanks @FAU for the mirror, the bandwidth, and the stats!

@U039b would you want to automatically upload all releases to If so, that is something I would like to setup.

@jcaleitao has been trying to use your gateway, but it does not seem to be working. returns "502 Bad Gateway" but that CID works on other gateways. Are you still maintaining your gateway? Are there restrictions on what it will host? is all free open source software apps, so should be uncontroversial.

In my work with I've discussed our work with gov regulators for South Africa, UK, EU and Japan as well as competition litigators from multiple US States and the EU. From this, I'm starting to see a picture of 's and 's semi-related strategies of making "sideloading" (installing apps outside of their control) look bad as a way to keep their monopolies in the face of and other regulatory actions. I'm still looking for data about the actual real world risks 1/

When organizations that use maintain the packages they use in Debian, the whole ecosystem gains. The more organizations that do that, the more efficient the whole ecosystem becomes for all users. Here's a recent example from :

I'm a Debian Developer, I'm happy to help get organizations working in this way. Reach out if you're interested!

Statements like this make me question if is actually a useful info source:

"Since APKs downloaded from outside Google Play cannot be vetted, the best way to protect against these threats is to avoid installing Android apps from third-party sites in the first place."

not only vets the binaries it ships, it also vets the source code. is not the safest source of apps on .

On the public , mystery accounts are creating Old English (ang) and Middle English (enm) in the projects. They don't respond to my messages, or do any translation work. This makes me suspect foul play. Anyone have any ideas?

For example:

I still don't get why or do not allow devs to give source when uploading apps for review. It makes review tasks much easier and more reliable, as we've seen with 's review. Would it scare the app devs too much? Are they more interested in cheap "window dressing" reviews than actually catching things? It is hard not to see bias since both are getting lots of money from apps they are policing.
For example 1/

Looks like the latest release of , v1.17.0, does not get flagged by , at least in the 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why its flagging F-Droid then. v1.16.4 has an unchanged , but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.

Show thread

We can set up communities with hard requirements to respect the community. This is why is legally structured to put first and foremost, via legal structures set up by Commons Conservancy.

Show thread
Show more
image/svg+xml Librem Chat image/svg+xml