F-DroidCompliance » History » Version 5
Denis 'GNUtoo' Carikli, 04/05/2020 05:42 AM
| 1 | 1 | Kurtis Hanna | h1. FDroidCompliance |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Denis 'GNUtoo' Carikli | h2. Introduction |
| 4 | |||
| 5 | 1 | Kurtis Hanna | F-Droid is a community-maintained software repository for Android based operating systems. It is similar to the Google Play store. |
| 6 | |||
| 7 | Replicant has depended very heavily on F-Droid for a long time now. End users expect app "stores" on their smart phones. |
||
| 8 | |||
| 9 | Unfortunately, F-Droid is not currently compliant with the FSF's Free Software Distribution Guidelines, which required Replicant to remove F-Droid from its upcoming 6.0 0004 release so that Replicant can continue to be FSDG compliant. |
||
| 10 | |||
| 11 | Much discussion has already been had within Replicant and between Replicant and F-Droid about how F-Droid can be modified in order to make it FSDG compliant so that it can be included again in Replicant in future releases. |
||
| 12 | |||
| 13 | F-Droid's build server has not purely free from proprietary blobs for a while now: https://gitlab.com/fdroid/fdroidserver/-/issues/383 |
||
| 14 | |||
| 15 | It is important for F-Droid to be built using free tools. |
||
| 16 | |||
| 17 | Android has a decentralized app building process. This can be a very positive thing, fostering a much more diverse and playful ecosystem than app stores that Google and Apple provide on their smartphones's OSes. |
||
| 18 | |||
| 19 | Due to the freedom issues in the F-Droid build system though, a threat exists to user privacy and security. |
||
| 20 | |||
| 21 | One of these freedom issues is the fact that far too many pre-builds exist. |
||
| 22 | |||
| 23 | Replicant wants an app distribution system that runs a free toolchain so that users can rely on a fully free ecosystem. |
||
| 24 | |||
| 25 | One way of achieving this might be to utilize beuc's rebuilds: https://android-rebuilds.beuc.net/ |
||
| 26 | |||
| 27 | Replicant wants to write environment setup bash scripts to build FDroid with beuc's version of the SDK in order to be able to provide a reproducible build environment that others can test. |
||
| 28 | |||
| 29 | Another freedom issue with F-Droid is that F-Droid includes apps with anti-features that are not compatible with the GNU FSDG. These apps are available alongside apps that are compatible and they are only marked with these anti-features. See #1629 for development efforts and further information on this topic. https://redmine.replicant.us/projects/replicant/wiki/FDroid |
||
| 30 | 2 | Denis 'GNUtoo' Carikli | |
| 31 | h2. Plan |
||
| 32 | |||
| 33 | h3. Discuss with F-Droid to find a way to implement the FSDG compliance |
||
| 34 | |||
| 35 | 5 | Denis 'GNUtoo' Carikli | |_. Task |_. Budget |_. Comments |_. Deliverable | |
| 36 | | Define with F-Droid upstream which properties we can use in package definition to comply with the FSDG guidelines | Hard to predict as it depends on the outcome of the discussion with F-Droid => Replicant funding | | Specifications that are ready to be implemented by Fil bergamo | |
||
| 37 | | Discuss how to implement build time whitelists and blacklists | Hard to predict as it depends on the outcome of the discussion with F-Droid => Replicant funding | | Precise specifications that are ready to be implemented by Fil bergamo | |
||
| 38 | | Replicant F-Droid fork package in F-Droid | Nlnet? Rough number of hours | | Package can be built with F-Droid tools, ideally upstream it | |
||
| 39 | |||
| 40 | Precise specifications: specifications that are clear enough to be implemented without making mistakes, and clear enough to understand for people using it. |
||
| 41 | Example: non-fsdg compliant property in the package definition. |
||
| 42 | * Specs for implementation: |
||
| 43 | Tag format: "Antifeature: non-fsdg-compliant, <reason>" |
||
| 44 | * Definition: |
||
| 45 | ** Property that indicates that the package doesn't meet the FSDG guidelines as per <fsdg guidelines address>. |
||
| 46 | ** reason: textual description of why the package is not fsdg compliant. (see parabola blacklist for examples + git-url of paraobla blacklist repo + file) |
||
| 47 | |||
| 48 | |||
| 49 | 2 | Denis 'GNUtoo' Carikli | |
| 50 | 4 | Denis 'GNUtoo' Carikli | h3. Implementation |
| 51 | |||
| 52 | *Person*: Fil Bergamo |
||
| 53 | 2 | Denis 'GNUtoo' Carikli | |
| 54 | 3 | Denis 'GNUtoo' Carikli | |_. Task |_. Budget |_. Comments |_. Deliverable | |
| 55 | | Implement the parsing of the properties | Hard to predict as it depends on the outcome of the discussion with F-Droid => Replicant funding | | | |
||
| 56 | | Build F-Droid from an FSDG compliant distribution | Hard to predict => Replicant funding | Replicant 6 can't be built with FSDG compliant distros but Replicant 4.2, 9.0 and probably 10.0 too can => We need F-Droid to be built from an FSDG compliant distributions | Building F-Droid from an FSDG compliant distribution + a quick HOWTO | |
||
| 57 | | Implement build time whitelists / blacklists | Nlnet? Rough number of hours | | Can build F-Droid with custom blacklist and whitelists + quick HOWTO | |
||
| 58 | | Replicant F-Droid fork package in F-Droid | Nlnet? Rough number of hours | | Package can be built with F-Droid tools, ideally upstream it | |