29 Sep 2022 |
jochensp | (I would love to have that true by default but for that we need https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1117 | 14:09:30 |
uniq (he/they) | In reply to @rdfg77:kde.org Do you mean that it should work without the whole fdroiddata repo but only a single recipe? Yes, e.g. when used used for nightly builds | 14:11:37 |
uniq (he/they) | or 3rd party repos, like NewPipe | 14:11:57 |
jochensp | but if some nightly repo decides that a mal | 14:12:21 |
jochensp | ..a malicious signature is fine than we should not block it in the fdroid nightly build | 14:12:44 |
jochensp | that's exactly my point with that fdroidserver should be data agnostic | 14:13:16 |
Licaon_Kter[xmpp] | > scan_binary is false by default | 14:13:54 |
Licaon_Kter[xmpp] | For now... | 14:13:54 |
uniq (he/they) | fdroidserver has not been data agnosic for the last 10 years | 14:14:10 |
jochensp | yes, and I think that's something we need to change | 14:14:31 |
uniq (he/they) | at least the fdroid scanner part | 14:14:34 |
uniq (he/they) | no | 14:14:38 |
jochensp | (don't get me wrong, I'm all for disallowing all those blobs but only for fdroiddata not for everyone using it) | 14:14:58 |
Licaon_Kter[xmpp] | What's with the () jochensp ? | 14:15:40 |
jochensp | (that's a meta comment ;) ) | 14:16:18 |
Licaon_Kter[xmpp] | Pfft | 14:16:43 |
jochensp | I think tooling (= fdroidserver) is good if it enables you to do things, not if it restricts you | 14:17:35 |
jochensp | for example moving the category definitions from fdroidclient to fdroiddata allows other repos to define their one categories, like Izzy did | 14:18:14 |
uniq (he/they) | nobody is disputing that ... | 14:19:09 |
uniq (he/they) | this is about defaults for me, not about restrictions | 14:19:29 |
uniq (he/they) | the defaults should be fdroids policies | 14:19:36 |
jochensp | yes, but we should define policies in data not in the tools | 14:20:00 |
jochensp | if we encode them in our tools, we enforce those policies upon everyone | 14:21:12 |
jochensp | so people will not use them or find ways around | 14:21:29 |
jochensp | to give an example with Debian: all tooling is agnostic to what data you package, if you download stuff from the internet or just shovel existing binaries into the .deb | 14:22:36 |
uniq (he/they) | I'm not sure what you're suggesting. Shipping fdroid scan without default data? | 14:22:48 |
jochensp | but the Debian project has clear policies on all of them | 14:22:49 |
jochensp | yes | 14:22:55 |
uniq (he/they) | data in the sense of scanner signatures | 14:22:59 |
linsui | In reply to @uniq:matrix.org Yes, e.g. when used used for nightly builds The fdroiddata are not designed to be used as that. E.g. you still need those srclibs... | 14:23:40 |