Sender | Message | Time |
---|---|---|
30 Apr 2024 | ||
永雏糖肥 | * Hello. Thanks to developers for creating this wonderful app. I found that Wireless debugging mode using paircode cannot be completed in ROMs without freeform windows mode that can be displayed in Settings(of course includes Development Options ) App Manager can get the port but the pairing code needs typing manually, but once the focus switches from Settings to others, the pairing code becomes invalid immediately. Some apps like Shizuku use a notification to solve this problem, like these screenshots below. Can App Manager add this feature in the future? Thanks | 01:08:12 |
永雏糖肥 | * Hello. Thanks to developers for creating this wonderful app. I found that Wireless debugging mode using paircode cannot be completed in ROMs without freeform windows mode and split mode that can be displayed in Settings(of course includes Development Options ) App Manager can get the port but the pairing code needs typing manually, but once the focus switches from Settings to others, the pairing code becomes invalid immediately. Some apps like Shizuku use a notification to solve this problem, like these screenshots below. Can App Manager add this feature in the future? Thanks | 01:13:35 |
§ | https://github.com/MuntashirAkon/AppManager/issues/892 | 03:51:02 |
永雏糖肥 | Redacted or Malformed Event | 11:47:13 |
永雏糖肥 | In reply to @shuvashish76:matrix.orgOh, thanks. I am so sorry for raiseing the same issue. | 11:47:42 |
永雏糖肥 | * Oh, thanks. I am so sorry for raising the same issue. | 11:47:59 |
永雏糖肥 | * Oh, thanks. I am so sorry for raising the same issue. (But it shows this feature is needed by more than one) | 11:53:30 |
Muntashir Akon | In reply to @tsuame:mozilla.orgThe feature is already in beta. | 14:35:40 |
WMCB Tech (marcusz) changed their profile picture. | 15:09:19 | |
5 May 2024 | ||
Muntashir Akon | ⚠️ Important. Third-party app stores should also take note of my message and take necessary actions to update the email address. | 17:16:47 |
8 May 2024 | ||
Scott changed their display name from Scott They/Them to Scott. | 11:50:15 | |
11 May 2024 | ||
永雏糖肥 changed their display name from tsuame to 永雏糖肥. | 22:20:44 | |
永雏糖肥 changed their profile picture. | 22:27:10 | |
24 May 2024 | ||
CatSalad🐈🥗 (D.Burch) left the room. | 05:50:11 | |
28 May 2024 | ||
Incognito | hello | 15:36:31 |
29 May 2024 | ||
☘Eknom☘ | even though I never really used the word updates anywhere nor was I implying this would be the purpose to use obtainium, but rather to simply obtain apps, I do still appreciate the insights. I understand that F Droid has a method to maintain a safer approach to verifying and testing apps, ensuring they meet specific criteria before being signed and by providing an F-Droid signed apk, however there are many people who simply cannot trust this process and there are currently no AI that can do a full security audit yet. For this reason it is still justifiable that people do not fully trust the method of signing apks used by F-Droid (not that I myself am one of those people, I have been using F-Droid for many years) and for those people giving them an option to download an unmodified apk directly downloadable through github (the sourciest of source) can be beneficial and help more people make the transition to open source apps. | 23:08:08 |
30 May 2024 | ||
§ |
There is no point in trusting the apk files from GitHub either. On what basis you'd trust them? You never know 1. if some parts are proprietary, 2. by using obtainium you never verified them using VirusTotal or Pithus as it has no.built in mechanism for it 3. never checked what permission they use (izzyrepo check some of them vs F-Droid at least shows general permissions before you download them.
Obtainium is great for personal use but it’s the worst one for general users. I hope AM will handle this in a better way. | 06:39:40 |
§ | *
There is no point in trusting the apk files from GitHub either. On what basis you'd trust them? You never know 1. if some parts are proprietary (F-Droid build them, now supports reproducible builds), 2. by using obtainium you never verified them using VirusTotal or Pithus as it has no.built in mechanism for it 3. never checked what permission they use (izzyrepo check some of them vs F-Droid at least shows general permissions before you download them.
Obtainium is great for personal use but it’s the worst one for general users. I hope AM will handle this in a better way. | 06:50:54 |
§ | *
There is no point in trusting the apk files from GitHub either. On what basis you'd trust them? You never know 1. if some parts are proprietary (F-Droid build them, now supports reproducible builds), 2. by using obtainium you never verified them using VirusTotal or Pithus as it has no.built in mechanism for it (AM has built in option for both Pithus & VT) 3. never checked what permission they use (izzyrepo check some of them vs F-Droid at least shows general permissions before you download them.
Obtainium is great for personal use but it’s the worst one for general users. I hope AM will handle this in a better way. | 06:52:00 |
2 Jun 2024 | ||
Muntashir Akon | I agree with @[§] on this. “Trust” is a quite complicated matter in security and privacy. When you install an app from GitHub, you trust the person who released the app along with the signer installed in your browser or device that verified the GitHub’s certificate. For F-Droid repo, you also trust F-Droid. Although F-Droid says that the app supplied by them is guaranteed to be reproduced from the source they supplied with it. But I don’t know if they actually verify this. It’s possible to use external sources in a way that doesn’t ensure such reproducible builds. | 14:59:52 |
daneelgod changed their profile picture. | 16:21:19 | |
5 Jun 2024 | ||
LjL | In reply to @muntashir:matrix.orgFor the main, official F-Droid repository, it's "verified" in that we definitely build from the source that is also provided as a tarball on f-droid.org, but of course it's still a matter of trust because you have to take F-Droid's word on that... unless the app features reproducible builds, in which case it's externally verifiable, but in that case it's signed with the original signature (not F-Droid's) as well. You're right also that the F-Droid app allows adding arbitrary third-party repos and F-Droid as an organization has no control or oversight on those. It's an open ecosystem and guarantees are only made about the official repository. | 19:43:00 |
7 Jun 2024 | ||
Muntashir Akon | In reply to @LjL:matrix.orgYes, I was specifically talking about the former. Providing a binary along with its source doesn’t guarantee reproducibility. It must be independent of time and network connection which isn’t possible in most cases. F-Droid should make a rule to guarantee reproducibility or mark them as untrustworthy. This way we can also sufficiently trust builds signed by F-Droid itself. I would also suggest assisting developers with signature rotation or providing end users with options to check the reproducibility in case the former isn’t possible. | 20:18:30 |
LjL | Muntashir Akon: a small percentage of apps actually has a reproducible build recipe, F-Droid can't possibly lose the vast majority of its apps... and neither does it have the resources to help all developers with it, it barely does to keep the existing recipes up to date :( | 20:22:15 |
8 Jun 2024 | ||
§ | Official client should show which versions are reproducible builds. Currently there is no way to distinguish between FD signed builds vs reproducible builds. FD definitely has the resources to improve the client in a better way. BTW LjL what's your position at FD? social platforms moderation? | 05:02:17 |
LjL | In reply to @shuvashish76:matrix.orgI agree with that, client development has seemed too slow to me and there's sometimes been an amount of resistance to changes | 15:48:04 |
LjL | In reply to @shuvashish76:matrix.orgYes, just moderator on Matrix and IRC and I run a not that posts repository updates | 15:48:27 |
9 Jun 2024 | ||
WMCB Tech (marcusz) changed their profile picture. | 12:07:21 | |
14 Jun 2024 | ||
noobzhang | 08:29:18 | |
15 Jun 2024 | ||
daneelgod changed their display name from goddaneel to daneelgod. | 19:49:37 |