Dear #Android #App #Developers, as it still happens far too often (no naming, no shaming!
Thanks!
@IzzyOnDroid How do you deal with key rotation ? And, is it planned for the client to inform about an application they have to reinstall (because of that) ?
@S1m Key rotation does no longer work at F-Droid.org, but it does at IzzyOnDroid (as we implemented the suggested patches instead of accepting their implementation of the "POC fix" back then). If Key rotation is used, no notifications are needed; IIRC, Android handles that (we have only 1 such app yet). And establishing RB here does not require it either, as we only ship the APKs signed by their resp. devs to begin with (RB runs on a "parallel track" here).
@IzzyOnDroid @S1m the f-droid client doesn't handle key rotation. I think neo store and droid-ify allow disabling the key fingerprint check allowing android to handle the rotation but all clients will by default consider the key incompatible and not offer an update as the index format itself does not support key rotation even when generated using an implementation that doesn't flat out reject all APKs with rotated keys like fdroidserver does
@obfusk @IzzyOnDroid so the index needs to be patched too
@obfusk @S1m Confirmed that NeoStore can handle that. Just checked: Droid-ify had a new release this year already, so it should now handle that as well by now (last time I've checked it was implemented but not yet published, now it should be both). I cannot tell about other clients or how they might handle it.