reproducible builds issues
An overview of RB issues.
Existing issues
-
Encourage new apps enable reproducible build fdroiddata#2816 (closed) -
Overview of apps published with Reproducible Builds fdroiddata#2844 (closed) -
Policy for handling in-app updaters (with reproducible builds) #371 (closed) -
APK Signing Block considerations fdroidserver#1056 -
Signing keys #422
Need work
-
Extract signatures from Binaries metadata field fdroidserver#1013 -
Reproducible builds and developers losing access to their signing keys #403 -
Add an option to only update apps from the repo they are installed from fdroidclient#2666 -
REQUEST_INSTALL_PACKAGES policy #389 -
policy for handling Dependency Info Block (and other opaque block types) #367 (closed) -
Signing key transparency log fdroidserver#1077 -
Make and verify jar signatures in pure python, entirely remove jarsigner support fdroidserver#94 -
Potential security hazard fdroidserver#1128 (closed)
Related issues
-
Draft: verify git tags fdroidserver!989 (closed) -
Repo announcements fdroidclient#2671
Other concerns & plans
-
Rebuilding, independent verification, UX #383 (closed) -
Improving communication with devs & end users.
Edited by FC (Fay) Stegerman