Recent searches
Search options
Administered by:
Hi @mitch I wonder if I could pick your brain please? I am looking to add Anytime to F-Droid, but as they build from source I'm not sure how to handle the PodcastIndex keys. Locally, I pass these in as build time parameters so they're not stored in source. How do you do this for Podverse, or are you using a F-Droid Reproducible Build? Cheers.
@amugofjava
I was thinking about this the other day, wasn't Dave talking about removing the key requirement for some APIs because of issues like this?
@mitch
I was thinking about this the other day, wasn't Dave talking about removing the key requirement for some APIs because of issues like this?
@mitch
That's already the case though, I could disassemble your app and get your key even from the play store. Client side keys are effectively public no matter what.
Yes, I'm curious what @dave thinks. I understand it's a mitigating step at the end of the day.
Regardless, you can ask the F-Droid devs on Matrix. I recall Mitch getting a lot of questions answered there.
https://f-droid.org/en/about/
Regardless, you can ask the F-Droid devs on Matrix. I recall Mitch getting a lot of questions answered there.
https://f-droid.org/en/about/
f-droid.orgAbout | F-Droid - Free and Open Source Android App RepositoryF-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
@amugofjava @mitch I think they proxy everything through their own api
GitHubGitHub - podverse/podverse-api at v5-developData API, database migration scripts, and backend services for all Podverse apps - GitHub - podverse/podverse-api at v5-develop
@amugofjava yes @steven is correct. We can't keep keys private within the mobile app as env vars, so any thing that needs a private key goes through our API.