Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please release the app on F-Droid #69

Closed
YamiYukiSenpai opened this issue Jun 13, 2020 · 35 comments
Closed

Please release the app on F-Droid #69

YamiYukiSenpai opened this issue Jun 13, 2020 · 35 comments

Comments

@YamiYukiSenpai
Copy link

Any plans on releasing this app on F-Droid?

Please and thank you.
@haruue
Copy link
Member

haruue commented Jun 13, 2020

Sorry, but currently we have no plan to publish this application itself on F-Droid.

@haruue haruue closed this as completed Jun 13, 2020
@MuntashirAkon MuntashirAkon mentioned this issue Aug 16, 2020
Closed
@IzzySoft
Copy link

I was just considering taking your app into my repo, but then I saw in your Readme:

You are FORBIDDEN to use image files listed below in any way.

The list includes the app icon, which would be shown in the lists (and on the details page) next to the app name. Well, going by the letter, that's using it "in any way". If that's not what you've meant (after all, the app drawer on Android devices would also show it), can you please explicitly state so?

Readme also says:

You are FORBIDDEN to distribute the apk compiled by you … to any store

So if I take the app compiled by YOU, that would be OK? Not sure if you'd count my repo into "any store" (I don't sell things) – or if that would apply at all (I don't compile apps either).

TL;DR: Would it be OK with you if I take the APK you compiled (and attached to your releases here) and make it available via my repo (including fetching and providing updates within 24h of their being attached here)? And if so, would there be any screenshots you'd like (or permit) to show along with its listing?

And PS: Your "Apps using Shizuku" could be complemented by SAI 😉

@RikkaW
Copy link
Member

RikkaW commented Nov 16, 2020

@IzzySoft Yes, of course.

The original purpose of "FORBIDDEN"s is to prevent people who publish modified opensource projects to Play Store. If the license allows, there are people doing this. And I know there are projects hurt from this.

@IzzySoft
Copy link

Thanks a lot! I'm now adding your app to my repo (should show up here in about 6 hours (with the next sync). Updates are fetched automatically within 24h of your attaching an APK to a new tag. Be welcome to link there from your Download page 😉

RikkaW added a commit to RikkaApps/websites that referenced this issue Nov 29, 2020
@RikkaW
Update Shizuku download
66807e7 
RikkaApps/Shizuku#69 (comment)
@songsammy
Copy link

On fdroid , all you can do is to submit the source code and fdroid does the complie.
So can you, the author, upload the code to fdroid?
I mean fdroid official repo, so we can search and install from fdroid

@IzzySoft
Copy link

IzzySoft commented Feb 7, 2021

@songsammy you don't "upload" to F-Droid. You can open a Request for Packaging to have an app included. To put it in simple terms, F-Droid would then pull the code from the app's repo to build it. But the following clause of the Readme makes this impossible:

You are FORBIDDEN to distribute the apk compiled by you (including modified, e.g., rename "Shizuku" to something else) to any store (IBNLT Google Play Store, etc.).

F-Droid needs to compile from the source, and then distributes the resulting APK.

@songsammy
Copy link

Sorry for the mistake. That's why i am here, requesting the author to release on fdroid

@linsui
Copy link

linsui commented Mar 10, 2021

Just my two cents here.

The original purpose of "FORBIDDEN"s is to prevent people who publish modified opensource projects to Play Store. If the license allows, there are people doing this. And I know there are projects hurt from this.

First of all, thanks for your app! I understand your concern, but I doubt how effective it is. Generally a misbehaving developer won't care about it but just steal your code. However this will prevent F-Droid build your app from source and distribute it. Also, I wonder this exception will make the app non-FOSS but I'm not a lawyer.

@EmanuelLoos
Copy link

Also, I wonder this exception will make the app non-FOSS but I'm not a lawyer.

I'm not a lawyer either but I do know quite a lot about free software and software licenses and I am 99% sure this goes against freedom 2 & 3 of the four essential freedoms of free software defined in the Free Software Definition if it is legally valid which is not clear to me because Shizuku is licensed under the terms of the Apache-2.0 License.

The original purpose of "FORBIDDEN"s is to prevent people who publish modified opensource projects to Play Store. If the license allows, there are people doing this. And I know there are projects hurt from this.

You are right this is a problem with permissive free software licenses like the Apache-2.0 License which is solved by copyleft licenses for free software like the GNU General Public License (GPL). These licenses introduce conditions on distributing the code that are not taking away any of the mentioned freedoms but requiring anyone using the code to comply with them. Specifically the GPL requires anyone who wishes to distribute your app to make the source code of his/her version available under the terms of this license as well so that you can use any of these modifications in our app as well. Both the GPL and the Apache-2.0 License require attribution. Anyone can take code from your project but they need to mention it is your work, not theirs. The GPL is a bit more strict here as section 5d of the GPL states:

d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.

In relation to this app this means the UI must inform the user who worked on code used in this app ("copyright owners") and display the license of each part of the app. Normally this is done in the "About" section. For example you may take a look at how NewPipe which is licensed under the terms of the GPLv3-or-later, this way it can easily switch to a newer version of the GPL. Copyleft is quite difficult so to avoid code needing to be rewritten when switching to a newer version of the GPL this optional additional permission is granted, which I would recommend as well.

The GPL, version 3 is compatible with the Apeache-2.0 License which means, if you like, you can simply switch from the Apache-2.0 License to the GPL, version 3.

There is a GPL howto which can help you with licensing if you choose the GPL.

@vvb2060
Copy link
Collaborator

vvb2060 commented Jun 30, 2022
edited
Loading

e288f99

We have updated readme for easier understanding. Code can be copied and modified. Distributing our built apk is allowed. Uploading your built apk to stores is not allowed. If you are concerned that the apk we build may be different from the public code, you can use ci build https://github.com/RikkaApps/Shizuku/actions/workflows/app.yml?query=event%3Apush

We don't care if the app is FOSS or not, we expose the code for the purpose of sharing knowledge. Allow anyone to use our code, include closed source software (GPL takes away the right of closed source software to use our code). However, distribution of modified apks is not welcome, which can make it difficult to handle feedback. F-Droid modifies the source code at build time, you should not trust F-Droid, GitHub Actions is a verifiable and reproducible build.

@IzzySoft
Copy link

Yes, reproducible builds are a good thing:

😉

@goyalyashpal
Copy link

goyalyashpal commented Jul 15, 2022
edited
Loading

Shizuku/README.md

Line 101 in 234b1c8

You are **FORBIDDEN** to distribute the apk compiled by **you**

yeah, i was also thinking that if distributing self compiled apk is forbidden, then reproducible builds can be used. so, if the build by fdroid matches with the apk released here, this one is distributed, otherwise, that build/version/tag is dropped.

but yeah, i am just thinking if it would be acceptable by u, not saying that this should be done forcefully or so...

anyways, found this app via droidify --> changelog --> latest v0.4.7 --> Droid-ify/client#39

@Mannshoch
Copy link

I requested this app in fdroid forum and got a link to this discussion:
https://forum.f-droid.org/t/request-shizuku/21957/1

@shaggyskunk
Copy link

shaggyskunk commented Apr 11, 2023 via email

@Mannshoch
Copy link

APK Mirror is mor worse than downloading it from github or fdroid. I do not know the people or organisation behind that Website. And I'm not able to compare any hash.

@shaggyskunk
Copy link

shaggyskunk commented Apr 11, 2023 via email

@Mannshoch
Copy link

I do not know what you mean by run by Android Policy I'm sure this website is not from Google.

The app from RikkaApps is trustworthy by the widely using and - I hope so - some more eye that look into the code. And Fdroid because I personally misuse them as a verification of the Code.
I know they do not look deep into the code and do not promise anything but I use what ever I get.

@haruue
Copy link
Member

haruue commented Apr 11, 2023

And I'm not able to compare any hash.

@Mannshoch

Android has a built-in mechanism called package signature verification that can reliably check the hash for you.

Ensure that you are not utilizing any Xposed modules, such as Core Patch, to disable package signature verification. Download Shizuku from the GitHub release for the first time, and thereafter, you can download it from any source of your choice (including APK Mirror). The package signature verification will take care of everything to ensure that you install an authentic version of Shizuku.

@shaggyskunk
Copy link

shaggyskunk commented Apr 11, 2023 via email

@linsui
Copy link

linsui commented Apr 11, 2023

You can get the apk from the release directly. No need to use apk mirror. If you want update check, you can get it from IzzySoft's F-Droid repo.

@shaggyskunk
Copy link

shaggyskunk commented Apr 11, 2023 via email

@IzzySoft
Copy link

Well, here's a compromise: Enable the IzzyOnDroid repo and find Shizuku here. With the F-Droid app. Including automated updates. And more than 1.000 other apps. As linsui just suggested 😉

@shuvashish76
Copy link

shuvashish76 commented Apr 30, 2023
edited
Loading

F-Droid modifies the source code at build time, you should not trust F-Droid, GitHub Actions is a verifiable and reproducible build. (comment)

@linsui Reproduciable builds possible for F-Droid? If yes then it shouldn't be an issue for Shizuku devs. 🧐

@linsui
Copy link

linsui commented Apr 30, 2023

It's possible.

This was referenced Jun 1, 2023
Closed
Open
@IzzySoft
Copy link

IzzySoft commented Jun 5, 2023

@RikkaW just a minor point that could also help (we had this "is-it-foss" discussions on many projects using your library, which luckily is not affected by that phrase):

The original purpose of "FORBIDDEN"s is to prevent people who publish modified opensource projects to Play Store. If the license allows, there are people doing this. And I know there are projects hurt from this.

Do you really think those copycats would care for that clause (also see this comment)? I think what you mean by "modified" here is "ad-and-tracking-enriched" and not even giving credits. There was just one such copycat taken down entirely from Play after multiple of the original authors complained to Google (one that I'm aware of that is), so there'd be means to deal with that.

F-Droid modifies the source code at build time

What gives you that idea? That's usually not the case. And using reproducible builds (as it was suggested) will even ensure that's not the case, and can be verified.

So would you consider? Not pressing, just suggesting 😉

@EmanuelLoos
Copy link

EmanuelLoos commented Jun 5, 2023
edited
Loading

We don't care if the app is FOSS or not, we expose the code for the purpose of sharing knowledge. Allow anyone to use our code, include closed source software (GPL takes away the right of closed source software to use our code). However, distribution of modified apks is not welcome, which can make it difficult to handle feedback.

You might also want to consider dual licensing, like so:

Give anyone who wants to use the code the choice between two licences:

  1. the FORBIDDENs, where the code can also be used in non-free software, or
  2. the GPLv3-or-later

That way you could share knowledge with all software developers (free and non-free) while avoiding copycats just as effectively and making the app eligible for F-Droid (they would still wait for your specific agreement before doing anything with your app and won't touch it if you say no), you can inform them about your requirement of reproducible builds and I think they would be more than happy to meet that requirement, because they are striving for reproducible builds as well, in fact, they are currently headed towards a reproducible F-Droid, are "encouraging new apps to enable reproducible builds" and have "gotten many more reproducible apps in F-Droid than before" lately.

If you like that idea, I can also provide assistance with licensing and making the (most important) conditions clear in the README.

@Cuteistfox
Copy link

We don't care if the app is FOSS or not, we expose the code for the purpose of sharing knowledge. Allow anyone to use our code, include closed source software (GPL takes away the right of closed source software to use our code). However, distribution of modified apks is not welcome, which can make it difficult to handle feedback.

You might also want to consider dual licensing, like so:

Give anyone who wants to use the code the choice between two licences:

1. the FORBIDDENs, where the code can also be used in non-free software, or

2. the GPLv3-or-later

That way you could share knowledge with all software developers (free and non-free) while avoiding copycats just as effectively and making the app eligible for F-Droid (they would still wait for your specific agreement before doing anything with your app and won't touch it if you say no), you can inform them about your requirement of reproducible builds and I think they would be more than happy to meet that requirement, because they are striving for reproducible builds as well, in fact, they are currently headed towards a reproducible F-Droid, are "encouraging new apps to enable reproducible builds" and have "gotten many more reproducible apps in F-Droid than before" lately.

If you like that idea, I can also provide assistance with licensing and making the (most important) conditions clear in the README.

i think that gets a +1

@alexgieg
Copy link

I'd like to point out that the "Forbidden" has no meaning at all for any code that says it's Apache 2.0 licensed. If a file says it's Apache 2.0 licensed, it's Apache 2.0 licensed, including the right to recompile and distribute. This is the case irrespective of the README saying the project as a whole doesn't actually comply with the Apache 2.0 License. If someone were to fork the entire master branch, then delete the README file and any file that isn't licensed by the Apache 2.0 License, they'd end up with a resulting branch that's entirely made of Apache 2.0 Licensed files, which thus explicitly allows redistribution of recompiled binaries.

To make the code non-redistributable in recompiled form, the project as a whole, meaning all of its individual files that aren't 3rd party libraries, would need to be relicensed either under a license crafted so as to forbid redistributing recompiled versions or, at the very minimum, the Apache 2.0 License should be removed from the repository and from the files. This would mark the project, from GitHub's perspective, as not having a general license, that is, as being fully copyright-restricted under whatever terms the author chose. The only things that are allowed in this case, per GitHub's Terms of Service, is for the code to be viewable and forkable -- which is what you seem to want it to be. I'd suggest doing that, plus adding a freeware EULA.

Notice that making the code proprietary may cause it not to be legally allowed to use certain libraries that are only available to fully open-source (OSI definition) or free-software (FSF definitions) software, so you'd need to look into the libraries you use and replace the ones that are incompatible with usage within proprietary software (even if it's freeware), if any.

@vvb2060
Copy link
Collaborator

vvb2060 commented Jun 17, 2023

Android applications differ from Linux programs in that they have package names and signatures. The package name is equivalent to a domain name, which should be unique in the world and show the owner, and the signature is equivalent to a TLS certificate for the domain name.
We authorize everyone to use shizuku code (Java and Kotlin) because we believe it is enough for developers. If someone wants to use the package name, icon and app name of shizuku (Gradle, PNG and XML), then this is a counterfeit website and we cannot be responsible for its content.
We don't want to care about FOSS, we don't want to care about license, because they are too much of a hassle, and if someone does do something, there is nothing we can do about it. We just think that apps shouldn't exec su and then parse the return string to IPC, calling privileged APIs should be like normal APIs, so made this app and share it with you. If your app needs to call privileged APIs and you don't like shizuku, you can include the whole code in your app and do it all yourself.

@linsui
Copy link

linsui commented Jun 18, 2023

IIUC, anyone who want to include Shizuku in F-Droid should fork this repo and change the app name, id and icon, and make it clear that it's a fork of Shizuku. Then please open an MR to fdroiddata.

@Cuteistfox
Copy link

@vvb2060 than just use Apache and have the icons and name and app id as trademarks to solve disputes

@RokeJulianLockhart

This comment was marked as off-topic.

Sign in to view
@Pandapip1
Copy link

Pandapip1 commented Sep 14, 2023
edited
Loading

This might be beating a dead horse, but instead of this weird dual license with exceptions idea, why not just use the LGPL? Shizuku forks would have to be LGPL-licensed, but other apps can use Shizuku as a dependency and have whatever license they want (including proprietary ones!) just fine.

https://choosealicense.com/licenses/lgpl-3.0/

IANAL, but: the current license doesn't work the way you think it does. Say I want to make my own fork of shizuku. Under the terms of your modified Apache 2 license, I have the right to sublicense Shizuku. In fact, anyone can, right now, exercize that right to sublicense the current version of Shizuku and all previous versions that use the same license under the LGPL with the additional conditions (required by the apache 2 license) that you must include a copy of the README and Apache-2 license when distributing and require that anyone else also distribute those files. EDIT: This is all nonsense, please read @Atemu's comment below. The LGPL is still a good idea though IMO.

@Atemu
Copy link

Atemu commented Oct 13, 2023

Before coming across this issue, I have opened #359. That may perhaps be a better place to discuss this topic going forward.

A couple notes on this issue's discussion:

  • The terms added to the README are part of the license. It does not much matter whether they're stated in the LICENSE file or README file. Though obviously it'd be clearer for everyone if they were also put into the LICENSE file.
  • In my understanding, sublicensing allows you to place further restrictions on a license but not to remove existing terms. You cannot remove the distribution restriction via sublicensing; you'd have to re-license.

@tomasz-lasko tomasz-lasko mentioned this issue Nov 14, 2023
Open
@Freed-Wu
Copy link

Freed-Wu commented Feb 26, 2024
edited
Loading

  1. In some nations, access github and download github release is too slow to be finished without any proxy tools.
  2. In these nations, F-droid has many mirrors like https://mirrors.tuna.tsinghua.edu.cn/help/fdroid/, which are very fast method to download APKs.

No offense, Just some truth 😄

@shuvashish76 shuvashish76 mentioned this issue May 7, 2024
Open
@BinTianqi BinTianqi mentioned this issue May 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests