shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

261
active users

#reproduciblebuilds

1 post1 participant0 posts today
Replied in thread

@SylvieLorxu And you can be affirmed it's the very same FOSS build, as at IzzyOnDroid it is a Reproducible Build – meaning, our builders built the APK from Sylvia's code, and ended up with a byte-by-byte identical APK.

Bonus points: updates usually reach you within 24h of Sylvia making them available. Our build cycles are pretty short: just a few hours, instead of a few days 😉

#ReproducibleBuilds talk at #FOSSY2025 went pretty well today, presented by myself and my colleague Chris Lamb...

For bonus fun, I used the #MNTReform to present!

Slides available:

people.debian.org/~vagrant/fos

... as well as a .buildinfo file if you want to try and bit-for-bit reproduce the slides, although I did it using an arm64 machine:

people.debian.org/~vagrant/fos

Video should be available in a month or so, hopefully?

Welcome to the RB family, FlorisBoard 🥳

apt.izzysoft.de/packages/dev.p

FlorisBoard is your versatile keyboard app, loaded with many features, keyboard layouts, skins and more. At IzzyOnDroid, we ship the "early birds": alpha & beta versions.

Thanks to the hard work of the FlorisBoard team (thank you so much, Patrick & lm41!), the app is finally RB!

IzzyOnDroid Repo Browser„FlorisBoard Beta“ – IzzyOnDroid F-Droid RepositoryBeta of FlorisBoard, the open-source keyboard which respects your privacy.

Welcome to the RB family, KeePassDX 🥳

Both, the libre and the free flavor were just confirmed:

apt.izzysoft.de/packages/com.k

apt.izzysoft.de/packages/com.k

KeePassDX is a password safe and manager allows editing encrypted data in a single file in the open KeePass format and fill in the forms in a secure way, requires no Internet connection and integrates Android design standards.

IzzyOnDroid Repo Browser„KeePassDX Libre - FOSS Password Safe“ – IzzyOnDroid F-Droid RepositorySecure open-source password safe and manager

Welcome to the RB family, OPN2 MIDI Player 🥳

apt.izzysoft.de/packages/ru.wo

OPN2 MIDI Player is a a MIDI-player based on emulator of a Frequency Modulation chip Yamaha OPN2 (YM2612).

With the help of its developer, we finally managed to confirm it as reproducible build, so its shield is up now :awesome:

IzzyOnDroid Repo Browser„OPN2 MIDI Player“ – IzzyOnDroid F-Droid RepositorySimple MIDI-player for Android based on libOPNMIDI library
Replied in thread

@SylvieLorxu sorry, but I had to boost this again now. @fdroidorg can you please make optically clear which APKs you reproduced? Developers knock our doors wondering why we say their app is not RB, while you claim it is – and checking, EACH SINGLE TIME we find the app is NOT set up RB at your end, and the JSON at your verification server clearly states you verified YOUR OWN build. Yes, that might show your build is deterministic – but not that theirs is RB. It's confusing.

Continued thread

Speaking of RB:

DavDroid 4.5.1 unfortunately failed RB. Which shows the thin line between "deterministic" and "reproducible":

We were able to build the app umpteen times, and got the very same, byte identical APK on each build: deterministic. So, it was reproducible, right? Well: no. It didn't match the APK built by the developer. A very slight difference in this case, an "off-by-one" in the baseline (so don't you worry, it's just the optimizer).

#reproducibleBuilds #IzzyOnDroid (1/2)

#Apple is not the only one dreaming up new features. There are many of us. @fdroidorg on making the most trustworthy app distribution platform, following as many best practices as possible. Many Apple has not implemented, like app reviews of source code rather than binaries, or #ReproducibleBuilds. We require human review or apps. Over 60% of our apps are reproducibly built. Apple encrypts app files, making reproducible builds impossible. It continues to only review binaries apps not source code

Welcome to the RB family, Aegis 🥳

apt.izzysoft.de/packages/com.b

Aegis Authenticator is a free, secure and open source app to manage your 2-step verification tokens for your online services.

Thanks to the help of the Aegis team, the app is now finally RB – expect the green shield coming up in a few hours :awesome:

IzzyOnDroid App Repo„Aegis Authenticator“ – IzzyOnDroid F-Droid RepositoryFree, secure and open source 2FA app to manage tokens for your online services
Continued thread

Btw: kudos for this go to @bg443 – who runs an independent builder (i.e. Ben is not a member of IzzyOnDroid himself, but his builder covers several of our apps. So it's verifying our builders are telling the truth, so to say).

So while IoD takes the APKs directly from the devs, our builders verify they were indeed built from the source code the devs claim to – while independents like Ben verify we're not "cheating". The winners are YOU :awesome: