Just to be sure, I scanned all apps on @fdroidorg and found no apps that used the libs vulnerable to #ReactServer #CVE-2025-55182 aka #React2Shell.
I'm no #Javascript nor #React dev though, maybe it was silly to scan apps for server components? In any case, #FDroid's data collection is easy to scan via scripts, so better safe than sorry.
I made a minor v2.4.3 release of fdroidserver to support Python 3.14, which is rolling out in some places already
https://pypi.org/project/fdroidserver/2.4.3/
I'm a big fan of encrypted connections. Towards that end, I just did a survey of all the apps in @fdroidorg to see if any of the source repos would not work with https://. This includes the over 5000 apps and all of their git submodules. All the git URLs that did not have encrypted connections (e.g. git:// http://) could be upgraded to https://. So I filed a bunch of merge requests, and am working towards forcing https://
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1737
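An added example (not from the original post and not fdroidserver code) of the kind of check the survey above describes: it flags git:// and http:// URLs in an app's Repo field and its .gitmodules, and proposes the https:// form. The function names, app id and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Unencrypted transports named in the post, with their default ports.
INSECURE_DEFAULT_PORTS = {"git": 9418, "http": 80}
# "url = ..." lines in a .gitmodules file (git-config syntax).
GITMODULES_URL = re.compile(r"^[ \t]*url[ \t]*=[ \t]*(\S+)[ \t]*$", re.MULTILINE)

# Constructed sample input, not taken from any real app.
SAMPLE_GITMODULES = """\
[submodule "libs/foo"]
	path = libs/foo
	url = git://git.example.org/foo.git
[submodule "libs/bar"]
	path = libs/bar
	url = https://git.example.org/bar.git
[submodule "libs/baz"]
	path = libs/baz
	url = http://git.example.org:8080/baz.git
"""

def upgrade_url(url):
    """Return (is_insecure, https_candidate or None) for one git URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in INSECURE_DEFAULT_PORTS:
        return False, None  # https://, ssh://, scp-style, relative paths
    try:
        port = parts.port
    except ValueError:
        return True, None  # malformed port: needs a manual look
    if port not in (None, INSECURE_DEFAULT_PORTS[scheme]):
        return True, None  # custom port: no safe automatic rewrite
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    # Any user:password@ part is dropped rather than carried over.
    return True, urlunsplit(("https", host, parts.path, parts.query, ""))

def scan(app_id, repo_url, gitmodules_text=""):
    """List (app_id, source, old_url, https_candidate) for insecure URLs."""
    urls = [("Repo", repo_url)]
    urls += [(".gitmodules", u) for u in GITMODULES_URL.findall(gitmodules_text)]
    checked = [(app_id, src, u, *upgrade_url(u)) for src, u in urls]
    return [(a, src, u, fixed) for a, src, u, bad, fixed in checked if bad]

if __name__ == "__main__":
    for row in scan("org.example.app", "http://example.org/app.git", SAMPLE_GITMODULES):
        print(row)
```

Each proposed https:// URL still has to be checked against the remote (for example with git ls-remote) before the metadata is changed; a result of None means the URL needs manual review.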
When building software, I believe it is important to work in public. Software can give small groups of developers immense power over lots of people. Like how governments work in public and corporations have to be more public than private companies, developers should be transparent not only with their source code, but also the discussions and processes while building it. This can be hard to get used to, but not bad once used to it. Great examples of this are #Debian #GitLab and IMHO #FDroid
Some #Android #SDK packages are updated with a revision number, but #sdkmanager does not allow installs to use that revision number. This sometimes breaks #ReproducibleBuilds. There is an issue open since 2017 about this:
https://issuetracker.google.com/issues/38045649
If anyone wants this feature, it should be easy to implement in #FDroid's sdkmanager:
https://gitlab.com/fdroid/sdkmanager/-/issues/26
For anyone who wants to relive the #Alphabet #DMAWorkshop the video has been released:
#DMA #compliance #competition #EC #EuropeanCommission #EU #gatekeepers #monopoly #mobile #Google #AI #GooglePlay #GooglePlayServices #GoogleFree #EDRi #FSFE #FDroid
A simple metric from #FDroid #metrics data: app downloads per week. Start with data from 1 of 2 servers for f-droid.org: http02, add hits for paths ending in ".apk". That gave about 2 million. Multiply by 18 (fronters + mirrors) and get ~36 mil app downloads a week.
import requests

hits = 0
# Per-server metrics report, published as JSON
r = requests.get('https://fdroid.gitlab.io/metrics/http03.fdroid.net/2025-05-26.json')
data = r.json()
# Sum the hits for every requested path that ends in ".apk"
for path in data['paths']:
    if path.endswith('.apk'):
        hits += data['paths'][path]['hits']
print('APKs', hits)
https://forum.f-droid.org/t/experiment-in-f-droid-org-metrics/32454