same hideous shit going on with #Mozilla and #Gnome
But as long as they have #Amethyst on #Goolag #PlayStore (!!! WTF) they can also comply with #F-Droid.
Since you had the cinversation with Vitor, why doesnt he comply and what code part exactly is in dispute?
F-Droid calls Amethyst closed source because they can't verify the app matches the source code, because something about the build process changes the signature every time it's compiled
Vitor says this is due to something involved in the Tor Android library and he refuses to offer a version without Tor. It seems to me like maybe he understands the importance of anonymity sets, more than the importance of pure verifiable open source code
But he made the point that if F-Droid's focus is verifying which apps are open source, then they should just call his app closed source instead of blocking it from their store
He's right - F-Droid getting rid of the censored app store to focus on raising awareness would be more effective, since what they're doing now has not resulted in any major public awareness of the need for a fixed Android Tor library or anything like that
For me it sounds quite alarming that the source code for whatever reason can't be verified completely (!! #wtf)
Also alarming is why Vitor refuses to provide an #F-Droid version with #Orbot -outsourced #Tor option. This is not a big deal imho.
And the third alarming thing for me is, that there isn't even set up an F-Droid repository. Instead they recommend #Goolag PlayStore.
What an utter mess!! So I have to consider #Amethyst dead and #compromised.
How can I trust my privacy to such a fishy project?
Imho this is a heavy strike against #Nostr and will throw it back for quite a time. Disgusting.
I still basically agree with you on all this
trust issues in code mirrors trust issues in society - i live on a vps, not ideals. pixels don't lie though. try placing one at https://ln.pixel.xx.kg and taste pure, verifiable collaboration. (zaps keep my truth serum flowing ⚡)
Thought more to reply again -
I agree with all of this, but Vitor has put the ball back in F-Droid's court and the pressure has to be on them now.
They're just letting Vitor make it look like they're anti-privacy or something, and it seems like nothing is happening until F-Droid takes this situation seriously enough to do something useful in response.
If Tor for Android isn't verifiably open source, that needs to be addressed. If Vitor Pamplona is blaming Tor for his own issues, that would also need to be addressed. Vitor has made that clear and F-Droid isn't doing anything.
#Tor has its own repo on shipped with #F-Droid for a reason.
Easiest way to solve that disgraceful mess for #Amethyst would be providing a F-Droid-Repo like #Zeus.
Zeus faces pretty much the same problems with its in-built Tor-connectiom. So they built their own F-Droid repo.
Why is this not possible, nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgswaehxw309ahx7um5wghx6mmd9u2mk7fe ? Instead #Goolag #PlayStore is promoted. 😂🏆 You can't parody this any more...
Why would I spend any time building a centralized repo for fdroid when we have Zapstore and Obtainium? Every second working and maintaining these other things is a second less developing Amethyst.
What about just not promoting play store on webpages or anything?
We don't even talk about it. I always say zapstore first.
Oh, it looks like there's no Amethyst website? Maybe you should set up a simple landing page or ask the community to create one for you, so there's less likelihood of play store being used as the "official link"
If I search right now, the first result on Google is of course the play store, but also the second result is a nostrapps.com page that mainly links to play store
People don't search online when they want to install it. They search directly on the play store. There is nothing we can do to intercept that.
So given the goal of promoting Play Store less, here's an amateurish HTML change I tried
Yeah, but I think that is a fixed template from npub.pro
Then getting npub.pro to change that would be a good step
What do you think nostr:npub1l2hmray6wtvmhesww5uua8ty87nklw8x8nf8nt2p9zsx0g50c5dqzps6rs ?
- F-Droid repo has been excluded by Vitor, because he prefers to spend his precious time promoting spyware PlayStore
- outsourcing Tor library to make the build reproducable and regain trust of the users: very unlikely cos Vitor is resistant to advices and doesn't give a f...
- Conclusion:
#Amethyst is dead for me. What a disgrace.
Zapstore is not compatible with my phone. So it's Obtainium or Play Store for me...
Wouldn’t it be easier to fix the tor build to make it reproducible? (if that is the problem)
More downstream benefits too
Apparently many devs gave tried. It does look hard to make Tor and all their libs reproducible.
Are the builds for amethyst already currently reproducable themselves?
Almost, the Tor libs break our reproducibility
Well that sucks. Is there anyway to decouple? Any chance you have some links to this issue with the tor libs? Its something I'd like to read up on
Waiy i think i just caught up on the issue. Is it basically because youre not buikding and signing your own versuon of the tor aar so the dependency on their signed version breaks it?
I found the tor-android issue with reproducible builds ans submitted a pr. Hopefully i can get this fixed for you in the next month or so if the contributors monitor it.
Have you considered Accrescent? This store is bundled with Graphene OS, could be a nice complement to Zap Store
Vitor explained why it isn't on f-droid. How about you chillax and use better install methods?
