-
-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mention Neo Store in DivestOS recommendation #1829
Conversation
🎊 PR Preview 226b9f7 has been successfully built and deployed to https://privacyguides-privacyguides-org-preview-pr-1829.surge.sh 🕐 Build time: 100.246s 🤖 By surge-preview |
Thank you for spotting this. We should re-word this, but it is not a black-and-white situation when it comes to DivestOS, because they use their own F-Droid repo to distribute and update their own software, so we cannot suggest that people disable or not use F-Droid on DivestOS. It might perhaps make sense to suggest that people disable it and use Neo Store instead, if that's possible, but I don't know what the best course of action is. Perhaps @SkewedZeppelin can provide some more information/guidance here. |
There is a section here on this: https://divestos.org/index.php?page=faq#altDroid tl;dr without it users won't have browser or WebView updates I recently went through and checked 8 of the alternative clients and none of them support repository overrides like F-Droid does. |
@SkewedZeppelin If we were to theoretically recommend that people disabled F-Droid, installed Neo Store and enabled the necessary repos, would there be a problem with that? Or do you think it's best that people stick with the default configuration. I cannot remember off the top of my head whether you use F-Droid's privileged extension or not, are updates of these components unattended? |
@matchboxbananasynergy PrivExt was removed in April, so updates aren't unattended. |
The updated version still isn't correct and would result in users missing critical WebView updates. The available (Sept 10th) builds of DivestOS are currently shipping Chromium 105.0.5195.79. |
@SkewedZeppelin What do you think about the wording now? My only concern is that people may improperly configure Neo Store and not enable the DivestOS repos as we instruct and end up missing critical security updates. On the other hand, I'd prefer that people didn't leave the official F-Droid app enabled due to its SDK and other issues. (I am correct in assuming that the F-Droid app can be disabled but not uninstalled, right?) Also, another question I had is why are there two separate repos instead of including everything in one repo? |
Wording could be a bit stronger, but looks fine.
Default installed, can be disabled.
When I switched to the Mulch webview I wanted to maintain compatibility with all previous builds (because some users sadly only update every few months, and I didn't want any transition period), this mean signing the WebView for each device. So there are actually 120+ copies of the WebView apk in the repo. It also has the benefit that if for some reason (like the time they broke scrolling for some apps) there is a bad webview update, I can just move the old repo back into place. And lastly the official repo contains apps that can be used on any device, no need to clutter with with DivestOS specific apps. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think we should provide a link somewhere there, to what these "security issues" are. This will be a contentious topic amongst free software enthusiasts.
Not sure if we should link to the wonderfall article in the DivestOS section when we mention the security issues with F-Droid, or if we should just have a link to our F-Droid section below, especially as there are plans to expand it with more context/info. Thoughts @dngray? |
I'm thinking expand the section on the android page to be a brief synopsis of some of the points in the wonderfall article. We should elaborate on that sentence:
I think I would like to see this sentence elaborated into a single paragraph. The wonderfall article is quite lengthy, and I think its points won't be read by readers. I'm not saying we need to mention all of the points there, but I do think 1-3 are most relevant. Especially 3. |
Signed-off-by: Daniel Gray <dng@disroot.org>
This pull request has been mentioned on Privacy Guides. There might be relevant details there: |
The current DivestOS recommendation lists F-Droid as a positive, which contradicts the F-Droid section at the bottom of the Android page. This PR adds a warning against using F-Droid despite it being installed by default. Alternatively, the F-Droid mention could be deleted entirely.