Just wondering, because i see a lot of new app merge requests and they seem not to be reviewed at all.
Asking because there is stated that merge requests are processed within 1-2 days.
Here is the thing: one needs to be quite an experienced F-Droid developer to review MRs. This is a very boring business, and experienced folks tend to work on something more fun.
Same thing with broken builds.
You mean to check the source code of the app that is submitted?
If not, i donāt get. The merge request is a simple addition of yaml file.
When I add some app I do selectively check its source code. But this is optional. Compulsory things:
- License of the app and its dependencies. They all must be a) free, b) compatible with each other (no GPL 2.0 and Apache 2.0 in the same app, for example).
- Versions of build tools. Google does not publish the source code of prerelease versions of the Android Gradle plugin. Needless to say that only free tools must be used.
- Blobs. No JARs or native libraries.
- Versioning. Many devs donāt know why versionCode exists.
- Check autoupdating.
- Test that the app builds (they often donāt).
- Test that it doesnāt crash as hell.
Also there are a plenty of things to do wrong in the metadata file, like misuse of output, confusion between build and prebuild, use of hashes instead of tags, etc.
So thereās some work behind a āsimple addition of yaml file.ā You have to do it over and over again, explaining the same things many times to different people. And the worst thing is that a lot of apps are soon abandoned by their authors and nobody is using them. So a lot of your effort is just wasted. Doesnāt sound motivating, does it? 
P.S. Looks like a rant, oh well.
1 Like
iām very new to f-droid, but it seems to me that CI does pretty much great job on a lot of items from this list. while creating a merge request for my app, iāve came across a lot of things from this list.
btw i donāt understand a policy about jar blobs. there is a gradle_wrapper.jar that is created by android studio, and iāve found it in a lot of apps that are present in the repo. is it ok? in my app it is also present, may be i should remove it?
anyways, may be those very experienced devs may implement all of the checks in CI? even license checking is possible in auto mode. there are such things like ālicensedā and ālicense-checkerā projects.
there is a gradle_wrapper.jar that is created by android studio, and iāve found it in a lot of apps that are present in the repo. is it ok? in my app it is also present, may be i should remove it?
fdroidserver removes Gradle wrapper automatically. Just leave it as is.
anyways, may be those very experienced devs may implement all of the checks in CI? even license checking is possible in auto mode. there are such things like ālicensedā and ālicense-checkerā projects.
Everyone is welcome to improve CI and fdroidserver in general. BTW, CI in fdroiddata didnāt check app source code at all until recently.
Iāll admit I donāt always remember to check those two.
I really think they should be handled by the scanner.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.