[Replicant] fdroid on replicant: dfsg changes

Hans-Christoph Steiner hans at guardianproject.info
Mon Oct 24 14:07:08 UTC 2016



Denis 'GNUtoo' Carikli:
> On Tue, 23 Aug 2016 07:59:10 +0200
> Simon Josefsson <simon at josefsson.org> wrote:
> 
>> On Mon, 22 Aug 2016 20:15:19 +0200
>> Re: fdroid on replicant: dfsg changes wrote:
> [...]
>>>>> The idea is to:
>>>>> - make F-droid detect Replicant
>>>>> - Add a way to totally hide applications.
>>>>> - Make f-droid hide all applications with anti-features, if
>>>>> running on Replicant.
> [...]
>>>> This could be too heavy handed.  For me, this would make it
>>>> impossible to install Face Slim, OsmAnd, Telegram.  Of these
>>>> three, only OsmAnd appears to actually have a licensing issue.
>>>>
>>>> However, I could live with the solution above if it means having
>>>> Replicant an FSF-endorsed free distro.
> 
> Another solution would be to:
> 1) Detect Replicant in f-droid
> 2) Add the ability, with the fdroid-data, to produce a repository that
>    is fully fsdg-compliant. It would take the stock fdroid-data in
>    input.
> 3) host that fsdg-compliant repository
> 4) make f-droid switch to the fsdg-compliant repository, somehow, when
>    it is run within Replicant.
>
> That way a user could still, willingly, switch repository, while
> keeping Replicant fsdg-compliant at the same time.

We'd love to help anyone set up and run such a repository.  Even better
would be if it also built the apps, so that it would also serve as a
verification of the reproducible builds of what is on f-droid.org.  The
fdroid devs currently do not have the free cycles to take this on.


> Another option would be to:
> 1) Add compilation switches in f-droid, such as --enforce-fsdg or
>    --enforce-no-anti-features that would hide all the non-fsdg (or all
>    applications with anti-features)
> 2) When building f-droid in Replicant, it would be built with that
>    compilation option.
> 
> The advantages and disadvantages of that last approach are:
> - F-droid wouldn't be reproducible between Replicant and the official
>   version.
> - A user could uninstall Replicant's f-droid and install the official
>   one instead to get software not shown with the version
>   shipped in Replicant.
> - I've no idea if compilation switches are fsdg-compliant or not.
>   For me it looks like a source version of debian non-free repository.
>   Coreboot for instance already has such a setting, when doing make
>   menuconfig, there is the "[ ] Allow use of binary-only repository"
>   option[1].
> 
>> I see that Replicant is mentioned there now, but this sounds strange
>> to me given the concern with fdroid.
> I think f-droid was fsdg-compliant at the time when Replicant was added
> to the list of FSDG distributions.

For this to be workable, it would then need to be a separate app from
F-Droid.  We are moving towards making the F-Droid client support
multiple build "flavors".  You could call it "Replicant App Store" or
whatever.  It could still be included in the f-droid.org repository.


> Privileged extension:
> ---------------------
> I tested the privileged extension on Replicant 4.2, it now works great,
> and I can now update all the applications way faster. I can even
> install them faster.
> 
>>> There are large security and usability advantages to including
> What are the security advantages?
> As I understand f-droid doesn't require root permissions.

The big security advantages are that background updates are possible, and
Unknown Sources is not used or required.

.hc

> References:
> -----------
> [1] I mentioned it because having a real-world example can help,
>     especially if we need to ask around to see if it is compliant.
> 
> Denis.
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

