From 52ac5970bd2d204e8fd685cd676627f106c72d32 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 3 Nov 2022 17:13:24 +0100 Subject: [PATCH] docs/All_our_APIs: new per-app API on verification.f-droid.org --- _docs/All_our_APIs.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/_docs/All_our_APIs.md b/_docs/All_our_APIs.md index 3618fe8d..57303a7f 100644 --- a/_docs/All_our_APIs.md +++ b/_docs/All_our_APIs.md @@ -132,9 +132,11 @@ checks where run: _verification.f-droid.org_ is a rebuilder that rebuilds the official releases from _f-droid.org_, then checks to see if they were [reproducibly -built](https://reproducible-builds.org/). There is a JSON file per APK that has -been checked, where the filename follows the pattern -`_.apk.json`, for example: +built](https://reproducible-builds.org/). There is an entry point for each package based on the package name: + + +Then there is a JSON file per APK that has been checked, where the filename +follows the pattern `_.apk.json`, for example: There is also a listing of all the successfully verified APKs: @@ -148,11 +150,8 @@ the idea that all released packages should be logged as they are published. This provides a way to check if a given binary was produced by the publisher, or came from somewhere else, e.g. as an exploit. _fdroidserver_ has built in tools for managing a binary transparency log of the index files as part of the release -process. This has been enabled on the Guardian Project repo: - - -There is also a prototype for running a binary transparency log for -_f-droid.org_. +process. This has been enabled on _f-droid.org_: + Since Gradle and the Google Android Tools team does not publish one, F-Droid has done it. The basic API is a JSON file with a listing of all URLs known to have