this post was submitted on 22 Aug 2023
7 points (100.0% liked)

F-Droid

8069 readers
23 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago
MODERATORS
 

In an optimal world, all apps were reproducible https://f-droid.org/docs/Reproducible_Builds/ , but which apps are actually reproducible? How can I know and check?

(I don't mean how to reproduce the build but how to check for the info that it's reproducible?)

you are viewing a single comment's thread
view the rest of the comments
[–] QuazarOmega@lemy.lol 2 points 1 year ago (1 children)

All apps on the official F-droid repository are, it seems to me like the document you linked explains pretty well how they verify that an app respects that requirement, it's about the signature right?

[–] beta_tester@lemmy.ml 0 points 1 year ago (1 children)

No. I don't even know one app that is not build aith fdroids keys. They are all not reproducible

[–] QuazarOmega@lemy.lol 2 points 1 year ago* (last edited 1 year ago) (1 children)

What do you mean?
Being built with their keys doesn't entail them not being reproducible, it could just be that the developer has a separate build that they push out to the Play Store, the releases on the forge, etc.
Having different features, like something provided by proprietary libraries, and therefore signed by them.

If they intend to release the F-droid compatible build elsewhere too, then F-droid can pick up the APK they signed themselves

[–] beta_tester@lemmy.ml 1 points 1 year ago (1 children)

Wow. It's a very good point that fdroid can still produce reproducible builds but with their own keys instead of the developers. That had not crossed my mind. As you can see in the following links, fdroid did not do that.

I just remembered an article that I've read. https://f-droid.org/2023/01/15/towards-a-reproducible-fdroid.html

Most importantly, they provide a link https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/overview.md to all reproducible builds

[–] QuazarOmega@lemy.lol 2 points 1 year ago

Oh my bad, I had a misconception there too then, thanks for finding the article! I guess it's a work in progress for now