On Thu, Jul 7, 2016, at 16:27, Hans-Christoph Steiner wrote:
> > @commonsguy just pointed out this library to me, which already includes
> > F-Droid support:
> >
> > https://github.com/javiersantos/AppUpdater
> >
> > I wonder if it does the right thing in terms of verifying what it
> > downloads, or just leaves it up entirely to Android verifying the APK
> > signature.
>
> I dug into it a little bit, it just scrapes the various app webpages to
> see if the version is newer. Seems a bit fragile. It then just
> downloads the APK.

In his defense, I don't see on the F-Droid wiki where there are official instructions for developers to do what you describe, such as:

- the URL(s) related to the main F-Droid repository that clients can hit
- a specification for the repository file format(s) served through those URL(s)
- where/how one gets a signature for verification

Anyone wishing to create such an app-updater library would need this information to do a quality job.

If it is on the wiki, perhaps it needs to be surfaced a bit more. If it is not on the wiki but lives elsewhere, perhaps the wiki could link to that material.

And if that documentation does not exist... well, you can't blame somebody for not following non-existent instructions. :-)

--
Mark Murphy (a Commons Guy)
https://commonsware.com | https://github.com/commonsguy
https://commonsware.com/blog | https://twitter.com/commonsguy
