Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Not yet published on F-Droid #281

Closed
der-stefan opened this Issue · 9 comments

6 participants

@der-stefan

Dear developers,
as we all care about privacy I would recommend to publish TextSecure on F-Droid (with having updates) as some people don't use Google Market.

edit: The discussion on F-Droid can be read here: https://f-droid.org/forums/topic/textsecure/
edit: I understand the discussion, thanks for your replies.

@moxie0
Owner

We don't distribute our apps on f-droid because we feel it's insecure, and because it doesn't provide the features we need to develop stable and secure software.

However, we are willing to distribute our apps outside of the Play Store, but we need the following things first:

  • A built in crash reporting solution with a web interface that allows us to visualize crashes and sort by app version, device type, etc. This is essential for producing stable software.

  • A built in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, android version, and carriers for our users. This has been crucial in shaping support and development direction.

  • A built in auto-update solution. Fully automatic upgrades won't be possible outside of Play Store, but we at least need something that will annoy the hell out of users until they upgrade. This is necessary for ensuring that new security features and bug fixes can be propagated quickly.

  • A build system that allows us to easily turn these features on and off for Play and non-Play builds. Gradle should make this easier.

If you're interested in seeing Open Whisper Systems apps distributed outside of the Play Store, we'd welcome your contributions.

@moxie0
Owner

Closing as duplicate of #127

@moxie0 moxie0 closed this
@henning

Hey moxie, I looked at all these threads last week. While I totally understand that the way some people at fdroid interpret opensource licenses, and the problems they had with outdated versions rather came from bad package maintenance(lets look at it as if it was something similar to a Linux distro), it's also clear to me as a user that there is the need for a distribution point of security relevant android software that allows installing it without using google play, which by itself is a closed source proprietary tool, that allows remote access to my device, and so, to my understanding, any device where I run it, cannot be considered secure anymore.

So, IMHO, we need something like fdroid to get android software without google from an independent organization, and not having it decreases the value of having textsecure at all, because the underlying base system is already corrupted.

Please let's clearly define the requirements a free opensource appstore shall meet so you'd consider it an acceptable publication platform for textsecure(and other security relevant stuff), and let's prioritize/categorize them - which are essential for secure publication and maintenance(secure build, signing and encrypted/signed download), which are more or less "developer convenience" for better support of more devices(like three of the above points). And then see where to start first.

@whispercore

Or just declare that GPL applies, that you can't bless any other builds than your own but won't disallow them either.

@henning

@whispercore that's nothing that needs to be declared as it's implied by the code being available here under the GPL. That's the part that @der-stefan and people at fdroid seem not to understand.
They can do with the code many things they want, and @moxie can neither forbid them to do so nor does he have to approve other builds as good.

What I wish, still, is the runnable binary program being available in a google-independent appstore. AFAIK whispersystems is working on this in the meantime, and I'll be waiting to see what's coming.

@whispercore
@JonasT

That statement has now been provided: #282
Your move, f-droid?

@k3a
k3a commented

I will stop using textsecure because of that. In my opinion your arguments are wrong. You can track user installs on playstore enough, you don't need to track installs outside it. I don't want my phone to send any unnecrssary statistics stuff. You also don't need crash reports from f-droid as it would crash on playstore too. Automatic updates are not priority - do you have automatic updates on your gnu/linux server too? The biggest fail is that you are making opensource software and don't want anyone to build it and distribute it. That's opensource but not free software. So thanks, will have to find an alternative.

@JonasT

Please everyone! moxie0 clearly stated ( #282 (comment) ) that he doesn't forbid unofficial builds and that the software is true unrestricted GPL.

He was initially a bit bumped I guess, but why not let him be whatever he wants since he gave a clear statement on the legal standpoint now. You don't need the developer's love to make use of the freedom given to you through the GPL, please.

@mcginty mcginty locked and limited conversation to collaborators
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Something went wrong with that request. Please try again.