Browser - Mulch vs Cromite?

locusan

[deleted] Servers that store identical data, it's a method to distribute a load between several servers.
https://discuss.privacyguides.net/t/psa-update-your-tor-browser-as-soon-as-possible-fixes-a-security-vulnerability-mozilla-has-had-reports-of-being-exploited-in-the-wild/21389/9

[deleted]

I decided to stick with Mulch until I switch to GrapheneOS and Vanadium :-)

[deleted]

DeletedUser87 "And avoid F-Droids reproducible Builds" Can you explain this more and how I can be aware of that for Apps? (And could you check my last opened Discussion Question if possible? I feel like you have a good understanding in this)

DeletedUser87

[deleted] right here https://f-droid.org/en/docs/Reproducible_Builds/

DeletedUser88

DeletedUser87 Are you recommending that they avoid reproducible builds? Why is that? If anything, they should seek out reproducible builds.

[deleted]

DeletedUser87 I did read that, but I did not understand, how I should see which Apps have these, that I can avoid it. It's a bit difficult for me.

DeletedUser87

DeletedUser88 from the article I linked way above: (Quote)

How can you be sure that the app repository can be held to account for the code it delivers?

F-Droid’s answer, interesting yet largely unused, is build reproducibility. While deterministic builds are a neat idea in theory, it requires the developer to make their toolchain match with what F-Droid provides. It’s additional work on both ends sometimes resulting in apps severely lagging behind in updates, so reproducible builds are not as common as we would have wanted. It should be noted that reproducible builds in the main repository can be exclusively developer-signed.

DeletedUser88

DeletedUser87 I don't see how this explains why reproducible builds should be avoided.

DeletedUser88

DeletedUser87 so reproducible builds are not as common as we would have wanted.

This implies reproducible builds are a good thing and need to be more common as opposed to being avoided. If a developer puts in the work and provides a reproducible build then this is a net positive. The developer of Accrescent themselves have said that their is value in reproducible builds but it is not a priority for Accrescent at the moment.

Source

DeletedUser87

DeletedUser88 I think it's pretty obvious, no?

While deterministic builds are a neat idea in theory, it requires the developer to make their toolchain match with what F-Droid provides. It’s additional work on both ends sometimes resulting in apps severely lagging behind in updates

Probably9857

DeletedUser87

Those are difficulties that reproducible builds create for the developer. But if the developer is willing to put in the extra effort, reproducible builds are unquestionably a good thing.

In your own quote, the author even says, "reproducible builds are not as common as we would have wanted."

DeletedUser87

Probably9857 I agree that it's a good thing. I just don't know how much it slows down the update progress in general or rather how much updates are delayed because the builds need to be reproducible first.

[deleted]

@DeletedUser87 Since you know more about me on this topic, maybe you can guide me on this similar topic: https://discuss.grapheneos.org/d/17019-f-droid-vs-github

« Previous Page