In an optimal world, all apps would be reproducible (https://f-droid.org/docs/Reproducible_Builds/), but which apps are actually reproducible? How can I know and check?
(I don’t mean how to reproduce the build but how to check for the info that it’s reproducible?)
All apps on the official F-Droid repository are. It seems to me like the document you linked explains pretty well how they verify that an app respects that requirement; it’s about the signature, right?
No. I don’t even know one app that is not built with F-Droid’s keys. They are all not reproducible.
What do you mean?
Being built with their keys doesn’t entail them not being reproducible, it could just be that the developer has a separate build that they push out to the Play Store, the releases on the forge, etc.
Having different features, like something provided by proprietary libraries, and therefore signed by them. If they intend to release the F-Droid compatible build elsewhere too, then F-Droid can pick up the APK they signed themselves.
Wow. It’s a very good point that F-Droid can still produce reproducible builds but with their own keys instead of the developers’. That had not crossed my mind. As you can see in the following links, F-Droid did not do that.
I just remembered an article that I’ve read. https://f-droid.org/2023/01/15/towards-a-reproducible-fdroid.html
Most importantly, they provide a link, https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/overview.md , to all reproducible builds.
Oh my bad, I had a misconception there too then, thanks for finding the article! I guess it’s a work in progress for now.