| 1 Apr 2021 |
 @freenode_jochensp:matrix.org | it was referenced from metadata/csh.cryptonite.yml (looks like my link did not jump to that file, sorry) | 17:17:11 |
 @freenode_izzy:matrix.org | Ah. So if some app would need eg Dropbox (and it would still be there), it could simply reference the corresponding JAR via "extlib", and it would be included? | 17:17:39 |
| @freenode_jochensp:matrix.org | yes | 17:18:24 |
| @freenode_jochensp:matrix.org | (though I think it is a good thing that we drop them now) | 17:18:57 |
| @freenode_izzy:matrix.org | (Cryptonite: Ah, see it, thanks!) Good to know. So one more thing to watch out for when removing YAMLs (happens rarely, so I was not aware). | 17:19:03 |
| @freenode_izzy:matrix.org | Yes, that would have been my next question: how the extlibs get in there, and whether we still use them. | 17:19:32 |
| @freenode_izzy:matrix.org | Would make sense if they are "cached" srclibs. | 17:19:59 |
| @freenode_jochensp:matrix.org | they are not, afaikt | 17:20:11 |
| @freenode_jochensp:matrix.org | someone commited them >5 years ago | 17:20:23 |
| @freenode_jochensp:matrix.org | and they are still "used", otherwise lint would complain ;) | 17:20:34 |
| @freenode_izzy:matrix.org | There's a srclib for commons.io – which is why I thought the two are connected. | 17:20:38 |
| @freenode_izzy:matrix.org | OK, thanks a lot for educating me, Jochen – much appreciated! So hopefully next time I don't need to ask – but instead can answer the question myself should it pop up again :D | 17:22:12 |
| @freenode_jochensp:matrix.org | :) | 17:23:10 |
|  @kelvino:nitro.chat | 17:48:54 |
| @freenode_izzy:matrix.org | Sylvia: I just again had an app without network permissions and VT reporting "those" IPs. Of course my test device didn't report any network traffic *by the app* – but funny observation: Play Protect does open connections in those IP ranges (172.217.* as well as 142.250.*). And no, other than usual I did not receive any reply from VT yet. | 17:48:57 |
|  Kelvino joined the room. | 17:51:21 |
 @SylvieLorxu:matrix.org | Ah, that explains it | 18:00:59 |
 _hc | mimi89999: cdesai proletarius101 please do sign your commits! I try to as much as possible. The more the better, every bit helps. | 19:50:29 |
| _hc | and like Sylvia points out, we can't force signing, it can make certain processes really difficult | 19:51:07 |
 proletarius101 | In reply to @eighthave:matrix.org
mimi89999: cdesai proletarius101 please do sign your commits! I try to as much as possible. The more the better, every bit helps. Agreed and I'm doing so | 19:51:16 |
 mimi89999 | I'm also signing mine | 19:51:33 |
| _hc | the signature on a commit goes away once the commit is rebased or squashed, for example | 19:51:48 |
| _hc | few people are willing to do all merging, rebasing, and squashing locally | 19:52:23 |
| _hc | 2FA protects against phishing | 19:52:53 |
| _hc | and developers are more and more a target | 19:53:04 |
 cdesai (IRC) | _hc: can you check if all developers have 2fa enabled? | 19:55:20 |
| _hc | uniq: Sylvia: est31 est how about setting up 2FA on Gitlab? I can recommend andOTP in F-Droid for that. | 19:55:58 |
| _hc | cdesai: I can | 19:56:03 |
| cdesai (IRC) | I have my 2fa tokens on a yubikey, and also in an app as a backup | 19:56:27 |
| cdesai (IRC) | Ok I used https://dzone.com/articles/how-to-use-gitconfigs-includeif to make sure my fdroid commits are signed | 20:00:20 |
