Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Submit to F-Droid #1

Closed
rugk opened this issue Nov 2, 2016 · 5 comments

Comments

@rugk
Copy link

@rugk rugk commented Nov 2, 2016

Please submit the app to FDroid.

@christianfl

This comment has been minimized.

Copy link

@christianfl christianfl commented Nov 2, 2016

Would appreciate that, too. But I think at first we will have to wait until the code was published.

@markuskreusch

This comment has been minimized.

Copy link

@markuskreusch markuskreusch commented Nov 2, 2016

Cryptomator for Android will not be fully open source, but its encryption code is 100% open source. We can't make the app fully open source for two reasons:

  1. Financial View: Developing the app is a lot of effort and when fully open sourced there is no way to earn some money with it.
  2. Security View: We know exactly what will happen, when there is a fully open source app in the App
    Store. After a few weeks there are several unofficial copies offered by developers who don’t even have any apps written by their own. This is not only bad for our business but also bears the risk of malicious code being added to a software that from a user's perspective is identical to (read: has the same UI as) the official version.

I think this will not happen for the desktop app, as it doesn’t cost anything and the copycats have no direct financial benefit from copying it. People who build the app for their own use from source could be sure everything is clean. But the same time we put all those people at risk, who don’t have the skills to do so. Those people might fall for an unofficial app that looks the same.

Publishing the encryption code is the best we can do for now, if we want to prevent the aforementioned. We will keep all encryption code (for all platforms) open source for all time. By doing so we prevent vendor lock-ins and allow people to review or build 3rd party applications on top of the encryption. If there will be other ways to earn money with the product and some "official" badge is added to the relevant App Stores, which guarantees that an app is built from source in a controlled environment, we might reconsider our decision.

@christianfl

This comment has been minimized.

Copy link

@christianfl christianfl commented Nov 2, 2016

Thanks for the clear statement. This makes it easy for me to dump Cryptomator. Very sad for this great project but I think especially for an app which is so security relevant that is a 100% nogo.

@rugk

This comment has been minimized.

Copy link
Author

@rugk rugk commented Nov 2, 2016

  1. That's certainly wrong. You can make money with FLOSS projects and especially with Android apps it's easy to do (e.g. offer the app with money on Google Play and on FDroid a free version).
    You may do this already - I am just pointing out that the statement is wrong.
  2. That's a general argument against open source, so I don't really get why you're expressing that here. If you fear your name/trade mark/whatever could be misused either don't make open source software or try to find a license, which protects the trade mark or so. If you really fear people from modifying your app you are not aware of the open source spirit.

Also your arguments are also valid for the desktop app. The desktop app could also be faked and - in contrast to the Android app, which has to pass different security levels (just take e.g. the fact that most users only [can] install apps from Google Play) is much easier to distribute. I also doubt such bad copies would be allowed at FDroid, so the only way where these things could spread are dubious APK hosting sites and you should not download APKs there anyway
Also with the desktop app you can make less money as you offer a "free download" button whereas on Google Play you can only buy or not buy the app.

All in all it's time to uninstall Cryptomator. It is a great project, but this is just the wrong way.

@tobihagemann

This comment has been minimized.

Copy link
Member

@tobihagemann tobihagemann commented Nov 2, 2016

I'm surprised that people who claim to understand the legitimacy of making money with open source software believe that "Free" in FOSS means "at no charge". If that's your expectation, I perfectly understand that it's easy to blame the developers. But this attitude kills the FOSS ecosystem. We are perfectly happy with a lot of people who love our work and support us, financially or otherwise.

You probably "misunderstood" both points. We're not afraid of fake copies of the desktop app, as it's for free anyway and there is little financial benefit for people faking it. This does not work for paid apps, though. We have seen this in the past with other popular apps that have been copied and republished with minor modifications under almost the same name. This is a risk for the everyday non-technical user.

Thus, the best compromise is the "open core" model with the relevant parts licensed under a FOSS license and only the user interface being proprietary. This is nothing we made up but a rather standard approach by many open source software vendors.

To quote the relevant section in your linked article:

Selling of optional proprietary extensions
Some companies sell proprietary but optional extensions [...]

See Open Core article.

Thanks for giving Cryptomator a try anyway. Farewell! 👋

@cryptomator cryptomator locked and limited conversation to collaborators Nov 2, 2016
@tobihagemann tobihagemann changed the title Submit to FDroid Submit to F-Droid Jan 15, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
4 participants
You can’t perform that action at this time.