this post was submitted on 15 Jun 2023
10 points (91.7% liked)

Jerboa

10299 readers
1 users here now

Jerboa is a native-android client for Lemmy, built using the native android framework, Jetpack Compose.

Warning: You can submit issues, but between Lemmy and lemmy-ui, I probably won't have too much time to work on them. Learn jetpack compose like I did if you want to help make this app better.

Built With

Features

Installation / Releases

Support / Donate

Jerboa is made by Lemmy's developers, and is free, open-source software, meaning no advertising, monetizing, or venture capital, ever. Your donations directly support full-time development of the project.

Crypto

Contact

founded 2 years ago
MODERATORS
 

It wants me to uninstall and reinstall since the signature of different, which makes sense as it from a different source, but it doesn't mention anything in the changelog.

top 17 comments
sorted by: hot top controversial new old
[–] bbbhltz@beehaw.org 12 points 1 year ago (2 children)

Jerboa is provided by both repositories. Izzy's pushed the update before F-Droid's is all. You can switch to Izzy's or wait or DL the apk from GitHub but signatures are different for all three.

[–] derived_allegory@beehaw.org 2 points 1 year ago (1 children)

Doesn't Izzy typically pull release directly from GitHub?

[–] sabreW4K3@u.fail 2 points 1 year ago

It does indeed

[–] chris2112@lemmy.world 1 points 1 year ago (1 children)

Do you know why the signatures would be different? At my company we release our app on Google play, galaxy and Amazon store and I'm pretty sure we use the same signing key for each

[–] Zeus@lemmy.world 7 points 1 year ago (1 children)

because fdroid build all of their apps themselves, so every app on the fdroid repo uses the fdroid signing key

[–] chris2112@lemmy.world 1 points 1 year ago (3 children)

Interesting, I was not aware of that. sounds like a security risk, as you don't know who actually published it, but I guess since its open source that doesn't really matter as much

[–] Vittelius@feddit.de 8 points 1 year ago (1 children)

You know who published it. It's the fdroid devs. Fdroid follows very much the old Linux repository philophosy where the owner of the repo acts as a middleman, providing the central layer of trust. You don't have to trust the developers because the distributor has done their due diligence and checked it. That's why fdroid takes a couple of days to push updates. They are doing some basic quality control first.

This model made a lot of sense in the world of traditional Linux packaging, where every obscure distribution has their own package format and developers couldn't possibly be expected to support all of these. It makes less sense on Android (or in a word where flatpak exists for that matter).

[–] heeplr@feddit.de 0 points 1 year ago* (last edited 1 year ago)

It makes less sense on Android

Quite the opposite. From the user perspective, it's much easier to trust the repository than trusting every single developer not losing their password. In case of OSS it also ensures reproducible builds.

[–] Moonrise2473@lemmy.ml 4 points 1 year ago

It's actually the opposite, an evil developer could upload in GitHub an apk with malware not included in the source, while fdroid guarantees that it matches with the source published

[–] KindnessInfinity@lemmy.ml 1 points 1 year ago (1 children)

I'd recommend giving this article a read, just to inform you about f-droid client https://privsec.dev/posts/android/f-droid-security-issues/

An alternative client being Neo Store

[–] TheAnonymouseJoker@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Privsec.dev is a libel slinger and an anonymity abuser on Reddit who is also Daniel Micay's equivalent of left hand. He is supportive of GrapheneOS and Micay's actions, and only went silent after Louis Rossmann exposed Micay.

Privsec_Dev/Tommy_Tran/B0risGrishenk0 did this to me last year. https://old.reddit.com/r/privatelife/comments/s0h73l/rprivacyguides_continues_its_harassment_campaign/

GrapheneOS members, Micay and his friends like Wonderfall have attacked F-Droid in the name of security, only to push using Google Play Store that annihilates all privacy of people. Google Play Services gather every possible metric about your phone which includes sensor, location, IP address, telephone number, IMEI and so on every 7 minutes. Just to be fair, Apple does the same things and is far worse. This theme of evangelising Google products at the cost of bashing all other projects is a thumb rule for GrapheneOS community.

https://forum.f-droid.org/t/what-are-the-issues-fdroid-have-about-security/17520

[–] XioR112@lemmy.ml 5 points 1 year ago

They didn't change the repo, it's just on both and f-droid repo updates slower.

[–] jwt55@sh.itjust.works 5 points 1 year ago

It didn't change the repo. F-droid has always slower updates, because they're compiling every app themselves. Izzy is release directly from app developer, so it's newer. I'd stick to F-droid, so app dev can't push anything malicious in the official app build.

[–] shortwavesurfer@monero.town 4 points 1 year ago

Izzyondroid gets updates faster. Give it a few days and the fdroid repo will get it

[–] Catsrules@lemmy.ml 1 points 1 year ago

So that is what was going on. I was wondering why the update wasn't working.

[–] InkstainTheBat@lemmy.ml 0 points 1 year ago (1 children)

What application is that? Some third-party app for GitHub?

[–] JM0804@lemmy.ml 1 points 1 year ago

Looks like Droid-ify, a third-party client for F-Droid.

load more comments
view more: next ›