F-Droid is important infrastructure. Look at how quaint their main buildserver is!
That thing carries a lot of trust, playing a central role in the FOSS mobile software supply chain. Due to limited resources, however, that HW won't be able to build APKs soon, as it's stuck in the pre-x86_64v2 times (doesn't even do SSE4_2!)
I'm sure people around here have x86_64 servers w. ≥12 cores of the last 15 years lying around that's about to hit E-waste soon. Please donate it!
CC: @entropia @domrim @muccc @bert_hubert anyone of you happen to have an old-ish spare server lying around?
@funkylab @entropia @domrim @muccc @bert_hubert If we can find/fit something into 1U, I’m confident we’ll find a home for it at AS250.net Foundation Colo in Frankfurt. Not much space available but there’s a staging server that doesn’t need to be there and can make room for it. I do know that we currently don’t have the gear - if only by a small margin - to accommodate on own metal. Currently travelling. Please get in touch if that sounds like an option. Bandwidth is very much not an issue there.
@nblr @entropia @domrim @muccc @bert_hubert
I think @eighthave does have a hosting solution that he controls (and he might insist on it, for trust reasons, or maybe not; insisting on that might be unwise. Rather make your server intrusion-safe…), but I think that's an enormously nice offer!
also:
/me wonders whether that's the point where @kwf pops up and is "hm maybe at least a distribution server there"? By the way, @kwf, um, got any servers lying around? f-droid's missing x86_64v2, kind of.
@funkylab @nblr @entropia @domrim @muccc @bert_hubert @eighthave fdroids insistence on mirrors only being in specific geos with privacy laws has taken them off my list of projects to try and mirror on new POPs
@kwf @funkylab @nblr @entropia @domrim @muccc @bert_hubert anyone can run an F-Droid mirror and any user can add any mirror to their client app. For mirrors that are used by default, we require that they have privacy standards similar to f-droid.org, since F-Droid users expect that level of privacy by default. There is no rule about location per se, but a mirror in country that requires logging and government access to all servers would fit our users expectations.
@eighthave @kwf @funkylab @entropia @domrim @muccc @bert_hubert We generally do not comply with any “government needs access” requests as we are exempt either by size, legal status, or jurisdiction. If it was inevitable, the relevant service would rather be terminated. This has never happened in 23 years though.
@eighthave @kwf @funkylab @entropia @domrim @muccc @bert_hubert itym “not fit”? 😀
imho the only way to be compliant with GDPR (which, ianal, is the only relevant regulation) is to NOT log any user data. If there are pointers such as a checklist, best practices for syncing, volumes to expect. Please let me know.