Hans-Christoph Steiner @eighthave@librem.one

Don't get me wrong, I love #apksigner for signing and verifying. It is a vast improvement over jarsigner, etc. And @fdroidorg relies on it. Passing apksigner should remain a requirement for any APK published on f-droid.org. As things stand now, I would be staunchly opposed to removing `apksigner verify` checks for f-droid.org. I also recommend that all repos also require apksigner. 3/3

For example, #fdroidserver is coded against apksigner from build-tools version vX.0.0. Someone does `pip install fdroidserver`. Then at some point, the user upgrades apksigner to version vY.0.0 which breaks the parsing before fdroidserver supports apksigner vY.0.0. That breakage needs to fail gracefully, and that is really hard to do. Much harder than just writing pure Python code to extract the certificates which is tested against the apksigner test suite. 2/3

I'm sometimes asked why #fdroidserver implements somethings in #Python rather than scraping #apksigner output. Reliably and securely parsing CLI output over the long term is really hard to get right because deployed fdroidserver code has to be future proof, in that it has to support newer apksigner versions that might have changed its output. 1/3