New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not yet published on F-Droid #281

Closed
der-stefan opened this Issue Jul 29, 2013 · 9 comments

Comments

Projects
None yet
6 participants
@der-stefan

der-stefan commented Jul 29, 2013

Dear developers,
as we all care about privacy I would recommend to publish TextSecure on F-Droid (with having updates) as some people don't use Google Market.

edit: The discussion on F-Droid can be read here: https://f-droid.org/forums/topic/textsecure/
edit: I understand the discussion, thanks for your replies.

@moxie0

This comment has been minimized.

Member

moxie0 commented Jul 30, 2013

We don't distribute our apps on f-droid because we feel it's insecure, and because it doesn't provide the features we need to develop stable and secure software.

However, we are willing to distribute our apps outside of the Play Store, but we need the following things first:

  • A built in crash reporting solution with a web interface that allows us to visualize crashes and sort by app version, device type, etc. This is essential for producing stable software.
  • A built in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, android version, and carriers for our users. This has been crucial in shaping support and development direction.
  • A built in auto-update solution. Fully automatic upgrades won't be possible outside of Play Store, but we at least need something that will annoy the hell out of users until they upgrade. This is necessary for ensuring that new security features and bug fixes can be propagated quickly.
  • A build system that allows us to easily turn these features on and off for Play and non-Play builds. Gradle should make this easier.

If you're interested in seeing Open Whisper Systems apps distributed outside of the Play Store, we'd welcome your contributions.

@moxie0

This comment has been minimized.

Member

moxie0 commented Jul 30, 2013

Closing as duplicate of #127

@moxie0 moxie0 closed this Jul 30, 2013

@henning

This comment has been minimized.

henning commented Mar 8, 2014

Hey moxie, I looked at all these threads last week. While I totally understand that the way some people at fdroid interpret opensource licenses, and the problems they had with outdated versions rather came from bad package maintenance(lets look at it as if it was something similar to a Linux distro), it's also clear to me as a user that there is the need for a distribution point of security relevant android software that allows installing it without using google play, which by itself is a closed source proprietary tool, that allows remote access to my device, and so, to my understanding, any device where I run it, cannot be considered secure anymore.

So, IMHO, we need something like fdroid to get android software without google from an independent organization, and not having it decreases the value of having textsecure at all, because the underlying base system is already corrupted.

Please let's clearly define the requirements a free opensource appstore shall meet so you'd consider it an acceptable publication platform for textsecure(and other security relevant stuff), and let's prioritize/categorize them - which are essential for secure publication and maintenance(secure build, signing and encrypted/signed download), which are more or less "developer convenience" for better support of more devices(like three of the above points). And then see where to start first.

@whispercore

This comment has been minimized.

whispercore commented Mar 25, 2014

Or just declare that GPL applies, that you can't bless any other builds than your own but won't disallow them either.

@henning

This comment has been minimized.

henning commented Mar 25, 2014

@whispercore that's nothing that needs to be declared as it's implied by the code being available here under the GPL. That's the part that @der-stefan and people at fdroid seem not to understand.
They can do with the code many things they want, and @moxie can neither forbid them to do so nor does he have to approve other builds as good.

What I wish, still, is the runnable binary program being available in a google-independent appstore. AFAIK whispersystems is working on this in the meantime, and I'll be waiting to see what's coming.

@whispercore

This comment has been minimized.

whispercore commented Mar 25, 2014

Besides f-cores childish attitude, they are perfectly reasonably cautious about putting a version of their own up for download, when the author has expressed a wish that they do not do that. From a legal liability standpoint. Which is why a public statement by Moxie that the GPL applies would be in order. Otherwise it may look like the murky FUD of "GPL", but only when we like it, played by MySQL back in the day.

On March 25, 2014 4:19:37 PM CET, Henning Sprang notifications@github.com wrote:

@whispercore that's nothing that needs to be declared as it's implied
by the code being available here under the GPL. That's the part that
@der-stefan and people at fdroid seem not to understand.
They can do with the code many things they want, and @moxie can neither
forbid them to do so nor does he have to approve other builds as good.

What I wish, still, is the runnable binary program being available in a
google-independent appstore. AFAIK whispersystems is working on this in
the meantime, and I'll be waiting to see what's coming.


Reply to this email directly or view it on GitHub:
#281 (comment)

Sent from my Android device with K-9 Mail. Please excuse my brevity.

@JonasT

This comment has been minimized.

JonasT commented Nov 19, 2014

That statement has now been provided: #282
Your move, f-droid?

@k3a

This comment has been minimized.

k3a commented May 8, 2015

I will stop using textsecure because of that. In my opinion your arguments are wrong. You can track user installs on playstore enough, you don't need to track installs outside it. I don't want my phone to send any unnecrssary statistics stuff. You also don't need crash reports from f-droid as it would crash on playstore too. Automatic updates are not priority - do you have automatic updates on your gnu/linux server too? The biggest fail is that you are making opensource software and don't want anyone to build it and distribute it. That's opensource but not free software. So thanks, will have to find an alternative.

@JonasT

This comment has been minimized.

JonasT commented May 8, 2015

Please everyone! moxie0 clearly stated ( #282 (comment) ) that he doesn't forbid unofficial builds and that the software is true unrestricted GPL.

He was initially a bit bumped I guess, but why not let him be whatever he wants since he gave a clear statement on the legal standpoint now. You don't need the developer's love to make use of the freedom given to you through the GPL, please.

@signalapp signalapp locked and limited conversation to collaborators May 8, 2015

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.