F-Droid

Old discussions related to the Android/mobile version of Pale Moon.
xuhdev

Re: F-Droid

Unread post by xuhdev » 2015-03-14, 07:55

First point, I see some confusion, I should have mentioned that I meant only the software not the trademark. The way Pale Moon does distribution is similar to Firefox that the trademark policy forbids people to redistribute without replacing the trademark, logo, etc. we understand "the binary" differently -- I meant the binaries built from the source by anyone, but you meant the binary built by you. So we are talking about different things.

The second point is from the link you posted. Someone there assumed that Pale Moon for Android is modified from Firefox for Android which requires some Google's proprietary libraries, but it seems it's not true (The official API contains an optional part called Google APIs which can lead your binaries only work with Google's proprietary things installed). I would take back this point.

Point 3: I don't see how they treat Pale Moon as in public domain. But this is not the main point any way.
The difference is that F-Droid builds the app, then offers binaries THEY built with THEIR signature (not the software authors') for F-Droid users, pretty much having full control over the software and its distribution, update and continued publication, and treating the actual software authors as resources. Once an F-Droid version is installed on users' devices, only their version will be considered valid and users are immediately bound to F-Droid's operational practices (because a change in distributor, package name or signature would invalidate the install and people would lose their stored data when switching).

The MPL is a very good mechanism to prevent rogue copies and to have control over my binaries. The MPL specifically includes a clause that binary form may be distributed under a different license, which I am doing.
It allows free source redistribution and allows people to build their own binaries from source on their OWN system and adaptation to special needs, but prevent tainting of official binaries with modified copies in the wild.
I also give special permission to Linux distribution developers in the binary redistribution license to build their own binaries for their OS flavor in the redistribution license for binaries. Without that, only the user would be allowed to build their own copy from source (and only for their own use).
I really cannot agree with these -- F-droid is just similar to how Debian works in the sense that you can build everything by yourself, or use the binaries built by the build server maintained by F-droid people (A technical difference is that for Android you would probably need to do cross-build). Actually, F-droid makes it easier for apps to be built on users' OWN system.

F-droid is not a traditional store which developers distribute software on their server; it stores some meta data which teach F-droid servers to build the binaries directly from the source. The server software and metadata are all FOSS. By submitting an app, it actually means to submit a metadata file that TEACHES THE SERVER TO BUILD from the source (which can be done not only by the author, but anyone else). This also means, YOU DON'T HAVE TO USE THEIR SERVER, YOU DON'T EVEN NEED A SERVER TO USE AN APP IN THE REPO. Just download their server software and metadata and you can build all the APKs on your own system by executing a single command, and you can sign it yourself. It's actually more trustable than using the binaries from the developers (think about OpenH264 and Cisco, would you trust it). It's not possible for them to take full control as a middleman -- assuming some day they become really bad, A different person can stand out and run the server software publicly. The reason that they provide a server to do daily building, per my understanding, is only for the sake of convenience similar to Debian.

If F-droid still looks bad for you after you have read the above, I would kindly make this request: If you really don't want F-droid people to distribute Pale Moon on their server, can you submit a meta data file (since you are the best one who knows how to build Pale Moon), and tell them that this app has a trademark policy and it should only be built by users for themselves (there are some metadata files they don't use to build on their server). Thus, we can enjoy the benefit that F-droid building system offers and no middleman would ever come for Pale Moon. Any way, thanks for your work done on Pale Moon and I appreciate it.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35404
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: F-Droid

Unread post by Moonchild » 2015-03-14, 08:34

Your own post is contradictory.
F-droid is just similar to how Debian works in the sense that you can build everything by yourself, or use the binaries built by the build server maintained by F-droid people (A technical difference is that for Android you would probably need to do cross-build). Actually, F-droid makes it easier for apps to be built on users' OWN system."
Right below it:
F-droid is not a traditional store which developers distribute software on their server; it stores some meta data which teach F-droid servers to build the binaries directly from the source.
Note that it's not possible to build Pale Moon for Android on your Android device. ;)

F-Droid builds the binaries. That is the way F-Droid works. A dev submits source code, F-Droid servers build the binaries, and users get the binaries from F-Droid. I investigated how F-Droid works so you don't have to repeat this simple fact. This is NOT how Linux distributions work even if they offer binary packages, since in most cases, those packages are not built by the distro maintainers (usually just repackaged), and in fact, non-commercial Linux distributions are especially exempt from the branded binary restriction (did you even check the redist license? http://www.palemoon.org/redist.shtml has all this info). Did you understand what I said in my previous post about this restriction?

On Android, ALL binaries have to be signed. F-Droid will sign the binaries. F-Droid signed binaries are tied to F-Droid, not the original developer.
There is a VERY good reason why F-Droid makes a notable exception for Firefox and accepts an author-signed binary of that browser, because Mozilla will not stand for the same issues I won't stand for when using them as a distribution platform. It's NOT allowed, period. F-Droid refuses to do the same for Pale Moon, while it takes up a similar branding/trademark/redistribution position.
This fact also prevents anyone else from taking over from F-Droid as you assert, because a new operator will not have F-Droid's keys and Android will not accept the resulting binaries from anyone else without a complete uninstall/reinstall and removal of app data. So your assumption that anyone can take over is false just for that already.

Not even talking about potential issues with the binaries as-built on that compile/distribution platform.

Whether their server software is FOSS or not makes no difference; their distribution platform uses THEIR server(s) to build.
If you are talking about people installing their own copy of the F-Droid build platform to build their apps, then that is a situation I do not support. People can much easier build Pale Moon directly from the official sources with an included build system that is fully maintained and supported by the software developer, instead of using a third-party, wholly untested and untrusted build system that the source tree was never designed for. No, I will not support anyone who uses this build system, either, and you are on your own if you decide to use F-Droid server software to build locally. If you are advanced enough to install F-Droid server software, you are advanced enough to use the proper tools to build Pale Moon for Android from source (with a single "mach" command, as well).

There is no benefit to be had for the user, to begin with - signed, tested, author-approved side-loadable APKs are available, the source is available for you to build yourself on *nix (which really isn't that hard and uses standard build tools).

I'm certainly not going to put in time and effort to create, test and maintain build metafiles for the F-Droid platform and I'm not going to support it, because it would be supporting a system that takes rights away from developers and practices customer/developer binding in a much worse way than Google does.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

xuhdev

Re: F-Droid

Unread post by xuhdev » 2015-03-21, 20:32

Moonchild wrote:Your own post is contradictory.
F-droid is just similar to how Debian works in the sense that you can build everything by yourself, or use the binaries built by the build server maintained by F-droid people (A technical difference is that for Android you would probably need to do cross-build). Actually, F-droid makes it easier for apps to be built on users' OWN system."
Right below it:
F-droid is not a traditional store which developers distribute software on their server; it stores some meta data which teach F-droid servers to build the binaries directly from the source.
F-droid server ---> servers running F-droid, not servers ran by official F-droid people.
Moonchild wrote: Note that it's not possible to build Pale Moon for Android on your Android device. ;)
Yes, that's why I said the only difference is you have to do cross build for Android. ;)
Moonchild wrote:
F-Droid builds the binaries. That is the way F-Droid works. A dev submits source code, F-Droid servers build the binaries, and users get the binaries from F-Droid. I investigated how F-Droid works so you don't have to repeat this simple fact. This is NOT how Linux distributions work even if they offer binary packages, since in most cases, those packages are not built by the distro maintainers (usually just repackaged), and in fact, non-commercial Linux distributions are especially exempt from the branded binary restriction (did you even check the redist license? http://www.palemoon.org/redist.shtml has all this info). Did you understand what I said in my previous post about this restriction?
Moonchild wrote: This is NOT how Linux distributions work even if they offer binary packages, since in most cases, those packages are not built by the distro maintainers (usually just repackaged)
THIS IS A PROBLEM. You not only misunderstood F-Droid, but also how Linux distro works. As I said, Linux distros work similarly to the way F-droid works, except that you must do cross build for Android.

Most Linux distros build packages from source code by DISTRO DEVELOPERS. The signature is also by distro developers in most cases. Some Linux distributions make exceptions for software with trademark issues like Firefox, some don't. For those who don't give exceptions, such as Debian, simply rebrand those pakcage. (F-droid currently is not able to build Firefox, otherwise it would use a rebranded version). Please also note that it is not even technically possible to repackage prebuilt binaries for most software on Linux -- the binary compatibility issue is very complicated, you almost have to rebuild every package (which is supposed to be compiled into native code) when you move to a new distro/base system.

You can check this link https://wiki.debian.org/IntroDebianPackaging to see how Debian builds packages.

I guess the reason you got the impression that Linux distros repackage binaries is that you don't work on Linux too much and you were always asked for exception to include Pale Moon.

On Android, ALL binaries have to be signed. F-Droid will sign the binaries. F-Droid signed binaries are tied to F-Droid, not the original developer.
There is a VERY good reason why F-Droid makes a notable exception for Firefox and accepts an author-signed binary of that browser, because Mozilla will not stand for the same issues I won't stand for when using them as a distribution platform. It's NOT allowed, period. F-Droid refuses to do the same for Pale Moon, while it takes up a similar branding/trademark/redistribution position.
Please note that for Firefox they have a custom built version https://f-droid.org/wiki/page/org.mozilla.fennec_fdroid . The build process is very complicated and this version hasn't worked very well yet, that's why they have a Firefox official build included. For Pale Moon, if the build process isn't as hard as Firefox, they probably don't want to lose the chance to build it from source.
This fact also prevents anyone else from taking over from F-Droid as you assert, because a new operator will not have F-Droid's keys and Android will not accept the resulting binaries from anyone else without a complete uninstall/reinstall and removal of app data. So your assumption that anyone can take over is false just for that already.
The client software can import keys, as there are custom repositories. Plus, you can rebuild the client software. As I said, it's just similar to a common Linux distro works, such as Debian, Fedora: the client accepts new keys, and you can always fork the project if the project became a big issue.
Whether their server software is FOSS or not makes no difference; their distribution platform uses THEIR server(s) to build.
If you are talking about people installing their own copy of the F-Droid build platform to build their apps, then that is a situation I do not support. People can much easier build Pale Moon directly from the official sources with an included build system that is fully maintained and supported by the software developer, instead of using a third-party, wholly untested and untrusted build system that the source tree was never designed for. No, I will not support anyone who uses this build system, either, and you are on your own if you decide to use F-Droid server software to build locally. If you are advanced enough to install F-Droid server software, you are advanced enough to use the proper tools to build Pale Moon for Android from source (with a single "mach" command, as well).
These are all for convenience, aren't they? True if I only have Pale Moon to build, but what if I have to build many? I have to learn the details of building, and check update for them. If it's tolerable, we are all now doing Linux from Scratch.

I'm totally fine with any decision that you make -- it's already great that you released Pale Moon under a free software license, which enable others to use it in a free way. I just want to clarify my points, and wish you can change your view to the way that how Pale Moon should be distributed.

x-15a2

Re: F-Droid

Unread post by x-15a2 » 2015-03-21, 21:45

@xuhdev,
What's the big deal?
  • Moonchild has been in direct contact with the F-Droid folks regarding this issue
  • Moonchild fully understands how F-Droid works
  • Moonchild doesn't like how F-Droid would want to control his project
  • Moonchild has full control over the PM4A distribution, so it's his call
  • Moonchild graciously provides multiple sources for users to download the APK, so no service is required (no need to use Playstore, F-Droid, etc, just download and install)
  • You can choose to use the distribution methods offered for PM4A or move along.
  • Long and boorish diatribes are a waste of Moonchild's time.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35404
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: F-Droid

Unread post by Moonchild » 2015-03-22, 01:50

  • All x's points, plus
  • I fully understand how Linux works (what do you think I use to build the APKs?)
  • I made sure to include permission to allow linux distro maintainers to build from source and redistribute Pale Moon with official branding provided it's not materially changed. This applies to for Linux binaries, not APKs, of course, so lets keep those two things separate here.
  • This means I also understand that yes, distro packagers would regularly prefer to build Linux binaries from source, and in some cases would be required to
  • Building from source is often not strictly required, and repackaging officially built binaries will work just as well on many distros (but not for APKs since they need to be signed)
  • If the packaged Linux binaries work on your distro, then adding it to the package manager would be trivial by repackaging and adding metadata
F-Droid is pimarily a distribution platform operated by the F-Droid server operators to disseminate Android Apps. Whether you can build locally or cross-compile APKs using F-Droid server software has no bearing on what F-Droid stands for and what it does at its core.

As far as I'm concerned I've already had to repeat my statements more than enough, and will get back to doing actual development. If you need more clarification, ask other community members.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Agent Orange

Re: F-Droid

Unread post by Agent Orange » 2015-05-24, 16:00

So, just to be clear:
  • F-Droid does not have satisfactory terms for hosting Pale Moon in the official repos
  • Moonchild is so offended by these terms (and F-Droid's policies in general) that he rejects the idea of even creating an F-Droid repo for Pale Moon
  • Redistributing unmodified Pale Moon binaries with official branding is allowed
Official license says:
If you wish to redistribute the binaries (executable form of the code) of Pale Moon, you are free to do so, with the following limitations:
[…]
The binaries and/or archives are completely UNALTERED.
Therefore: it would be completely within Pale Moon's license for somebody else to create an F-Droid repo which provided signed-by-moonchild APKs, correct?

_Poke_

Re: F-Droid

Unread post by _Poke_ » 2015-05-24, 22:13

Agent Orange wrote:So, just to be clear:
  • F-Droid does not have satisfactory terms for hosting Pale Moon in the official repos
  • Moonchild is so offended by these terms (and F-Droid's policies in general) that he rejects the idea of even creating an F-Droid repo for Pale Moon
  • Redistributing unmodified Pale Moon binaries with official branding is allowed
Official license says:
If you wish to redistribute the binaries (executable form of the code) of Pale Moon, you are free to do so, with the following limitations:
[…]
The binaries and/or archives are completely UNALTERED.
Therefore: it would be completely within Pale Moon's license for somebody else to create an F-Droid repo which provided signed-by-moonchild APKs, correct?
I might be misunderstanding you, but the binaries are compiled code. F-Droid requires uncompiled, or source code which they then compile and sign themselves. It's impossible to host any app on F-Droid that is not compiled and signed by F-Droid itself, with the exception of Firefox which has negotiated a different deal.

I don't believe Moonchild's original stance on this has changed:
Moonchild wrote:They are explicitly forbidden to build Pale Moon with official name and branding from source, as a result.
Though if you wish to set it up yourself, it sounds like you could do it with unofficial branding.

New Tobin Paradigm

Re: F-Droid

Unread post by New Tobin Paradigm » 2015-05-24, 22:27

Unless someone steps up to maintain the android code it won't matter anyway because it will bitrot as there will not be a new version of Pale Moon for Android.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35404
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: F-Droid

Unread post by Moonchild » 2015-05-24, 23:21

Agent Orange wrote:Therefore: it would be completely within Pale Moon's license for somebody else to create an F-Droid repo which provided signed-by-moonchild APKs, correct?
Unfortunately this is not how F-Droid works. They DO NOT distribute pre-built or author-compiled/signed APKs and do not even allow any developer to request it (with the one pointed exception being Mozilla Firefox). They were very clear that they would not make any exceptions to this even if their system doesn't like the large number of dependencies involved in building Mozilla code.
The only way F-Droid distributes Apps is built by them from source on their servers and signed with their key. This means that anyone using F-Droid apps locks their app data to F-Droid's distribution (because that is how Android works - data cannot be shared between apps that are signed with different credentials) and will only be able to get updates and continue to use their app data as long as they keep using F-Droid's version of the app.
Unlike, e.g., Google Play that accepts author-signed APKs and people are free to use any other distribution framework/platform/site and/or side-load if they so wish.

I am indeed quite offended by this, because of the reasons already explained earlier in this thread, and this has not changed and will not change as long as F-Droid keeps doing it the way they are, cutting the authors of software off from their author rights, and requiring both authors and end-users to have explicit trust in F-Droid, F-Droid's build system and F-Droid's staff and policies. I'm not even talking about the risk of a takeover/merger/shutdown destroying an application developer's audience.

If someone wants to set up an F-Droid repo, they can of course do so, provided that the repo produces binaries that are not officially branded (may not carry the name Pale Moon and may not use the Pale Moon logo). This is the freedom of the Open Source license Pale Moon source code is distributed under -- please note that the redistribution license is for the browser in binary (compiled) form, and please note the explicitly stated exceptions to the rights of the source code regarding the Pale Moon name and logo.

Related, half-offtopic and half-ontopic remark: Similarly, I am offended by Mozilla doing something very similar with signing extensions with Mozilla keys and throwing away author signatures of signed extensions, tying the end user to the distribution platform of addons.mozilla.org as sole arbiter and sole distributor in a very similar way F-Droid does it for Android apps, and this results in me withdrawing from addons.mozilla.org as well.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked