[guardian-dev] strategy for lib to safely install F-Droid

Greg Troxel gdt at ir.bbn.com
Fri Mar 4 12:57:52 EST 2016


Hans of Guardian <hans at guardianproject.info> writes:

> I'm trying to work out a strategy to interoperate with Google Play so
> that we can use F-Droid to provide the trusted app install/update
> channel on all Android devices.

I think you're only talking about how to interop with Google Play for
people that want to do that (or are already using Google Play, to have
this activate when that's blocked).  I think you still intend to have
F-Droid by itself be a first-class citizen, and this is an additional
feature.  As I suspect most do here, I think Apps pointing exclusively
to Google Play vs equally F-Droid is a bug - but I also think that's
orthogonal to your concerns.

> To make this update process as easy as possible, we have an Android
> library that will check if Google Play is available.  If it is not,
> then it will ensure that the user has F-Droid installed via a trusted
> channel.  F-Droid then will provide the trusted update channel for all
> of those mentioned apps.  The only blocker for this library is whether
> it is perceived to be in conflict with the Google Play Terms of
> Service.  As far as I understand them, this library is not in conflict
> since it does not promote F-Droid or even make it visible if Google
> Play is installed.  But we would like confirmation from Google.  We'll
> have to address Google's concerns in relation to the Terms of Service,
> so I'm reaching out to them.

I think you mean for this library to be offered for use as an internal
update mechanism for apps that want to use it.   One thing I don't
understand is how the signing keys will relate and if one can "upgrade"
across stores.

I have no wisdom to offer about their terms.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160304/7e07fde1/attachment.sig>


More information about the guardian-dev mailing list