[mythtv] Android version signing key

Curtis Gedak gedakc at gmail.com
Mon Sep 10 15:55:37 UTC 2018 

Hi Peter,

SUMMARY:

I *think* that MythTV users are a savvy bunch and should be able to
delete and install an app from different locations.  Hence having more
than one app signature should be okay.  Android users can choose to
install and follow only one signed app, or be prepared to
delete and install different signed apps.

OBSERVATIONS:

Please note that I am not an Android expert either, but I can share my
experience with the SolitaireCG [SCG] app I maintain.

[SCG] https://solitairecg.sourceforge.io/

For development work and testing I find having web space that you
totally control to be the most useful.  This is best represented by your
option [1].  This can also cover production releases.

My observation is that Google's requirements for play store apps seems
to get more restrictive over time, and support for older Android devices
is dropped.  Personally I think people should be able to use devices for
as long as these still function.  If the developer is willing to support
older devices then an app store should not prevent older device support.
 In my opinion this is not the direction that Google is taking.

I do have my app on the Google play store, but I also have it published
on F-Droid [FD], SourceForge (apk file download only), and the Amazon
App store.  F-Droid caters to FOSS software only.  I think it would be a
good fit for your MythTV Android work.  In fact due to the amount of
work to publish on multiple app stores it might be best to publish on
one only.

[FD] https://f-droid.org/

F-Droid does use their own security key.  This means that apps installed
from F-Droid can be upgraded from F-Droid only.

I am neither a fan of option [2] for security reasons, nor option [3]
which relies heavily on the password remaining secret (secrets tend to
get out).

CONCLUSION:

In conclusion I think it is preferable to have one person manage the
official MythTV Android app releases.  If this person changes, then the
signature for the app would necessarily change.  The impact to MythTV
users should be minimal because people that learned how to configure
MythTV and get it operational should be able to figure out how to delete
and install an app on Android.


At least that's my two cents worth.  :-)

Thank you Peter for all your work on MythTV.

Sincerely,
Curtis Gedak

More information about the mythtv-dev mailing list