This level of vigilance is hard, so we have added another layer of defense in the upcoming client v1.16 release, currently in beta. We've moved the database to be based on and its built-in measures, then had that new code audited 2/2

and require signature verification, and is built on top of 's APK signing. This improves things a lot but does not mean they are immune. Debian and F-Droid repos can still override packages in lower priority repos. It could make sense to have a "no overrides allowed" setting, but that would restrict useful features. Maybe F-Droid could implement a "no new signing keys when overriding" rule by default; I wonder how much that would break what people are doing now? 2/2

@Gargron is providing a shining example of the new breed of "startup" culture that is arising. We want impact in the public interest, and just to make a living doing it. Getting rich is beside the point, and it is certainly not a reason to compromise the goals of the project. I believe is another example of this.

We welcome help for bumping the and have mapped out what needs to be done:

Given our limited resources, I have chosen to focus my time on concrete improvements for . The only thing I'm opposed to in all this is removing functionality in order to bump targetSdkVersion. Google's recent changes there have removed functionality that many rely on.

When is built into a ROM, like , for , etc., there is no popup warning with fdroidclient. That comes from "Play Protect", which is proprietary software that flags things based on automated rules; it does not point to real world security concerns for apps like . I have nothing against the sandbox, I just think it is important to note what it is good for, and what it cannot do well. 2/2

As lead maintainer of the official client, I hear a lot of criticism that is still at 25. fdroidclient is , publicly audited, with , written in memory safe languages, with a proven record of respecting and delivering . The source and binaries also receive human and machine review. is designed around untrusted proprietary software with non-memory safe code where the binary only gets machine review. 1/2

I work on because I believe in . One of the hardest things about working on a project like F-Droid is when someone decides to publicly campaign against our work, and it's only loosely based on fact. We get a constant stream of inquiries from people who just found out, asking the same questions again. Now I understand why companies hire PR staff. Communications can require a ton of work and stress. And when a project is mostly volunteers, no one is keen to take on that stress.

Now that I'm focused on client development, I have lots of time to toot because Gradle/Android builds take so damn long as compared to Python. 😂 😭

We want to add the official onion service for as an official mirror, so that clients will automatically use it. Please test by sharing the repo link to client, then adding it as a mirror:

This should prompt to add it as a mirror, which is safe since the keys need to match. Click cancel if it offers to add a new repo.
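The two checks described in this thread, the "keys need to match" rule for adding a mirror and the proposed "no new signing keys when overriding" rule for repo priorities, as an added Python sketch. This is illustrative code written for this page, not fdroidclient's own implementation. It assumes repo links carry the signing-certificate fingerprint in a `?fingerprint=` query parameter, that a larger `priority` number wins, and all repo addresses, fingerprints and package data below are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlparse


@dataclass
class Repo:
    address: str                      # canonical repo URL (sample value)
    fingerprint: str                  # hex SHA-256 of the repo signing certificate (sample value)
    priority: int                     # assumption: higher number overrides lower
    mirrors: list = field(default_factory=list)


@dataclass
class Apk:
    package: str
    version_code: int
    signer: str                       # hex SHA-256 of the APK signing certificate (sample value)
    repo: Repo


def parse_repo_link(link: str):
    """Split a repo link into (address, fingerprint); a fingerprint is mandatory."""
    url = urlparse(link)
    fp = parse_qs(url.query).get("fingerprint", [""])[0].replace(" ", "").upper()
    if len(fp) != 64 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("repo link must carry a 64 hex character fingerprint")
    address = url._replace(query="", fragment="").geturl()
    return address, fp


def add_repo_or_mirror(repos, link: str):
    """Add the link as a mirror only when its fingerprint matches a known repo.

    Returns ("mirror", repo) when the signing key matches an existing repo,
    ("new_repo", repo) when it is an unknown key at an unknown address, and
    raises when a known address shows up with a different key (never rekey silently).
    """
    address, fp = parse_repo_link(link)
    for repo in repos:
        if repo.fingerprint == fp:
            if address != repo.address and address not in repo.mirrors:
                repo.mirrors.append(address)
            return "mirror", repo
    for repo in repos:
        if repo.address == address:
            raise ValueError("fingerprint mismatch for existing repo " + address)
    return "new_repo", Repo(address, fp, priority=0)


def choose_update(candidates, installed_signer: Optional[str],
                  allow_new_signer: bool = False) -> Optional[Apk]:
    """Pick the candidate from the highest-priority repo.

    With allow_new_signer=False, a higher-priority repo may override a
    lower-priority one only if it ships the same signing key the installed
    app already has; candidates that would change the key are skipped.
    """
    ordered = sorted(candidates, key=lambda a: (a.repo.priority, a.version_code), reverse=True)
    for apk in ordered:
        if installed_signer is not None and apk.signer != installed_signer and not allow_new_signer:
            continue
        return apk
    return None
```

The `add_repo_or_mirror` path is what the toot above relies on: because a mirror is only attached when the fingerprint matches, a malicious mirror cannot serve an index signed by a different key, and an unknown key instead produces the "add a new repo" prompt the toot says to cancel. The `choose_update` path shows how the proposed default would behave: the higher-priority repo still wins for packages whose signer is unchanged, and only overrides that would swap the signing key are refused.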

In the over 3 weeks since shipped a big overhaul of the production buildserver, there have been updates published on most days: Nov 16, Nov 15, Nov 14, Nov 13, Nov 11, Nov 09, Nov 08, Nov 05, Nov 01, Oct 31, Oct 30, Oct 29, Oct 28, Oct 27, Oct 26, Oct 25, Oct 24, Oct 22, Oct 21, Oct 20

And now, even more exciting, is that this unlocked lots of low hanging fruit that can make the process run much faster.

Starting this week, I want to try something new in the weekly meeting slot (Thursdays @ 11:30 UTC): I'll have "office hours" so anyone can come and ask any question, either via the regular chat channels, or realtime voice in

Reading about how browser aims to remove unique IDs when counting users makes me think about how hasn't been tracking users from the beginning, and stopped tracking downloads years ago, and seems to only have become more popular. Makes me think that developed by community motivated by doing the right thing is a better way than a or being driven by . Maybe improving the of tracking is missing the point.
