← Back to context

Comment by aniviacat

15 days ago

Doesn't this issue get solved by reproducible builds?

Using reproducible builds allows developers to publish apps on F-Droid using their own signing keys [1]. Those signing keys can then be verified by Google.

In 2023 already, 2 out of 3 new apps used this approach [2].

With this in mind, F-Droid should be able to continue functioning after this change by mandating reproducible builds.

[1] https://f-droid.org/docs/Reproducible_Builds/

[2] https://f-droid.org/2023/09/03/reproducible-builds-signing-k...

2 comments

aniviacat

Reply
foepys  15 days ago

Google will require you to authenticate with your real name and/or government ID which is something a lot of FLOSS developers don't want to do.

  • Aachen  14 days ago

    I expected one person to step up, do the verification, and F-Droid can use that signing key to distribute apps to phones with facism mode enabled. They just need to pick an app ID that isn't already in use, could even be sequential under org.fdroid.*

    It's quite scary that there's no such idea being floated in the post. Apparently they're ready for F-Droid to be relegated to the realms of Google-free devices that nobody, outside of a few hardcore privacy activists, is currently willing to use. Maybe that'll change, but I doubt significantly enough for governments to reconsider which OSes and third-party stores they need to support