I’m a long-time open source contributor, but I’ve never open-sourced an Android app before.
I built an app called Everyone’s Timetable out of a private git repository because it has at least a private Google key in it, and possibly other private things that I don’t even remember about.
I would like to open source it without someone stealing my identity because I was careless.
Can someone help please? I was thinking to take a snapshot of the latest revision from my private git repository, remove whatever is private, and put it into a public SVN repository. That would also remove the complexities of existing branches.
Any advice welcome. The app is currently only usable by people from Seneca College, but I built it to allow other schools to use it if they just tell me what their timetable structure is.
Clone the repo into another local repo. Remove the api keys and anything else you need to. Use git ignore to keep api keys or other things in separate files stored locally, then of to a new public reply.
If your app uses google apis, those dependencies will need to be removed or replaced. That includes stuff like crash reporting, analytics, etc. This is what hotlittlewhitedog was referring to earlier - all apps on F-Droid are built from source (including their dependencies), and these apis are basically closed source (a black box).
The apps are all are signed with F-Droid’s key. Its also possible to continue using your own key if using reproducible builds). To get your app into the repo you need to submit a request for packaging, and eventually somebody (a volunteer) will try to build it and then add metadata. You can speed this up by creating the metadata yourself and submitting a pull request.
First things first though, your code needs to be in a public repo, and it needs to be possible to build it without any closed source deps.
Cool! I don’t have any closed-source dependencies, like I said - I’m an open source guy
Sounds not too hard to do. I just have to examine the code again to make sure I didn’t leave any passwords in the comments and then I’ll put the latest revision into a new repository.
Is SVN an acceptable VCS, in case I have trouble creating a public Git repo? I think mine only works over SSH currently.
Cool! I don’t have any closed-source dependencies, like I said - I’m an open source guy
I figured I only mention it because of how easy it seems to fall into the trap of using these apis. Google really pushes this stuff, its practically baked into the sdk.