We regret to inform you that Mastodon has decided to leave the F-Droid Reproducible Builds project.
Going forward, Mastodon updates on F-Droid will be maintained by the F-Droid team and signed with an unique per-app key generated by F-Droid.
If you installed Mastodon through F-Droid, please uninstall and reinstall it to keep receiving updates.
@fdroidorg We did not leave the F-Droid Reproducible Builds project, because we never entered it in the first place. It was not an active decision by us; F-Droid manages their own app repository and decides which apps go in and how they are built. Our development process results in two artifacts, a AAB build for the Play Store, and an APK build that is published on GitHub, both of which are made from the same 100% open-source, GPL code.
@fdroidorg F-Droid representatives asked us to start maintaining yet another build specifically for them; this was not communicated to us as an advance requirement for being on the F-Droid repository. Since the majority of our users are not on F-Droid, and our means are limited, we did not wish to spend engineer time on this, but F-Droid maintainers can maintain such a build on their own.
@Gargron
@fdroidorg I was thinking about why this post showed up in my timeline. Did you boost your own reply? Then I remembered that if someone I follow replies to someone else I follow, I see the post. Now I've learned something new about that #Mastodon design decision: it is a good way to broudcast something to a particular group, without making *all* your followers have to see it. And all while staying algorithm-free. Cool!
@golemwire @Gargron @fdroidorg
It's in the visibility of the post of your answer. You can check public for everyone to see in their timeline or non-listed for not. I believe most apps select non-listed by default for replies.
@Gargron @fdroidorg That is incorrect and the GitHub issue shows it. The F-Droid team asked for .apk files of the Google Play build as it was compliant with F-Droid policy. Not a new flavor.
Mastodon made a change to the version they provided to F-Droid (the GitHub version) that broke policy. F-Droid even went out of their way to tweak policy in Mastodon's favour to not require complete removal of the in-app updater, just a good explanation.
@Gargron @fdroidorg F-Droid was too eager to help make Mastodon on F-Droid as secure as possible by pushing for Reproducible Builds during inclusion, yes, that was mentioned. It was unfortunate there was apparent miscommunication in that Reproducible Builds require developers to provide an .apk compliant with policy (however, not anything weird, most "app stores" want you to upload build files).
@Gargron @fdroidorg But it was Mastodon who insisted that providing an .apk file compliant with F-Droid policy, despite already having a compliant flavor, was too much work. And that made Reproducible Builds a technical impossibility.
@SylvieLorxu @Gargron @fdroidorg also note: it was also never mandatory to add this APK file to the release (which yes, clutters the release with files that might confuse users). It could actually have been uploaded on any public webserver, the only requirement is that the URL needs to be guessable based on versionCode and versionName