cache policy for APKs
F-Droid generally aims to publish an APK once then never change it. This is a good policy for software releases for many reasons. Maven Central implements this as well. If an APK at a given URL never changes, then it makes it easy to create caching policies for browsers and CDNs that include long caching times. There are a few issues with how F-Droid publishes APKs that limit the caching policy:
- F-Droid moves APKs to archive/, then they are no longer in repo/.
- Sometimes APKs are moved from archive/ back into to repo/, then they are no longer in archive/.
- Sometimes, a build is disabled, then the APK will be deleted.
- F-Droid needs to be able to take down APKs in case there are copyright violations or malware.
It seems to me that APKs could have a cache policy of one day, and that would provide lots of caching, but still the ability to delete.
Also, I just checked and it seems that .apk files do not have a Cache-Control: header:
~ $ curl --head https://f-droid.org/repo/org.fdroid.fdroid_1013000.apk
HTTP/1.0 200 OK
HTTP/1.1 200 OK
Date: Wed, 16 Jun 2021 07:53:49 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 26 Apr 2021 19:09:19 GMT
ETag: "73694c-5c0e4e1f15976"
Accept-Ranges: bytes
Content-Length: 7563596
Via: 1.1 f-droid.org (Apache/2.4.38)
Age: 23593
Content-Type: application/vnd.android.package-archive