Hans-Christoph Steiner @eighthave@librem.one

Just to be sure, I scanned all apps on @fdroidorg and found no apps that used the libs vulnerable to #ReactServer #CVE-2025-55182 aka #React2Shell.

I'm no #Javascript nor #React dev though, maybe it was silly to scan apps for server components? In any case, #FDroid's data collection is easy to scan via scripts, so better safe than sorry.

Looking for strict #HTTPS enforcement when using #Git in #Python code? I implemented it here: https://github.com/gitpython-developers/GitPython/issues/2020

It should be easy to port to other languages since it is mostly using git config options.

#AgeVerification is a hot topic right now. Societies around the world are asking for it because of real harms to children. Shady companies use it as a way to gather more data, or to distract from their exploitation of vulnerable people.
But it does not have to be that way.
We can have real age verification without sacrificing #privacy. For example, #Phreeli uses #ZeroKnowledge payment verification. This same technique can be used for age verification https://www.phreeli.com/blog/DoubleBlindArmadillo

@fj as much as I like to see social democratic values being defended, I must also point out that there is also a tone of nationalism in what she is saying, as in "we should keep what we have here in Europe". We should also never stop recognizing that the wealth of Europe was built on the backs of so much of the world. And we have a massive climate impact debt to the world.

@Tutanota It is true that some are trying to utilize age verification to gather more data, but it does not have to be that way. We can have our cake and eat it too. We can have real age verification on the internet and in apps without sacrificing privacy. That is the most important takeaway here. Phreeli is a new phone company that does zero knowledge payment verification. This same technique can be used for age verification as well!

https://www.phreeli.com/blog/DoubleBlindArmadillo

I made a minor v2.4.3 release of fdroidserver to support Python 3.14, which is rollling out some places already
https://pypi.org/project/fdroidserver/2.4.3/

#FDroid #fdroidserver #release

@pinkie161 @EUCommission That kind of thing does not replace trains. It could make it economically feasible to run transit in places where trains would just be too expensive, e.g. rural areas.

@accrescent I don't think Google will just acquiesce and implement it that way. We need to keep the pressure on them to ensure it actually happens in a way where Free Software and app stores like ours can continue to function how we except them to.

Happy Thankgiving! Celebrating the day Americans fed undocumented immigrants from Europe.

@LaQuadrature I agree that media coverage of privacy-preserving tech is too often just replaying law enforcement PR points, and that its harmful to privacy. I wish the GrapheneOS project didn't have a long track record of wild accusations. If it is true that the French government is trying to mess with the project, I'd like to be able to support the GrapheneOS project. But it is really hard to know...

@EUCommission this is actually quite cool, I like that it looks super nice to ride in: comfy seating and big windows. We can make mass transit a better experience than driving cars. I already reguarly experience this taking the RailJet and CityJet through Austria.

@nextgraph @NGICommons you can see the raw recording of live stream still. That's at https://www.youtube.com/live/meseh2tjhDE

@accrescent I'm curious about how you plan to do this:

"We also plan to continue allowing developers to submit apps to Accrescent without registering their apps through Android developer verification"

From what we've seen, those apps would not be installable on Android, but only AOSP ROMs that remove the new restrictions. Did Google provide anything concrete that lets Accrescent install "unverified" apps on Android devices? We've only heard vague promises.