Building old popular apps in archive with new signature schemes and libraries

fdroiddata

#1

There are some popular unupdated apps moved to archive, and marked vulnerable because of old signature scheme and/or old ciphers / openssl libs.

for example:

  • Ghost commander SFTP plugin
  • Open Explorer beta
  • 920 editor / vimtouch

Is it possible to rebuild safer versions of these apps by modifying build description files to link newer libraries & signature scheme?


#2

Have you raised the issues upstream to their developers?


#3

F-Droid rebuilds are NOT developers’ concern.

Yet it’s good to

  1. check if the app source advanced since;

  2. if positive, ask devs to tag a new version


#4

see https://gitlab.com/fdroid/fdroiddata/issues/1052 as an example