45
submitted 3 months ago by dessalines@lemmy.ml to c/jerboa@lemmy.ml
top 22 comments
sorted by: hot top controversial new old
[-] DeadNinja@lemmy.world 7 points 3 months ago

Not going back to Jerboa unless the basic feature of searching contents other than just communities is implemented. I find this fundamental feature sorely lacking in Jerboa while every other app around there have this.

\

https://github.com/LemmyNet/jerboa/issues/27

\

Kind of surprising, because this is pretty basic feature, and has been open for over two years.

[-] taaz@biglemmowski.win 6 points 3 months ago* (last edited 3 months ago)

Getting "Posts failed loading, retry" button after scrolling to the end of Subscribed feed (does not matter if Scaled, New).
Verified across multiple instances.
E: And the button does nothing, specifically, after clicking it it vanishes and comes back (the loading bar does not appear). No problem in All.

[-] dessalines@lemmy.ml 6 points 3 months ago* (last edited 3 months ago)
[-] dessalines@lemmy.ml 4 points 3 months ago

k, just did a release with this fixed, thanks to mv-gh for this one.

[-] taaz@biglemmowski.win 3 points 3 months ago

Was just checking the issue out and seeing MV-GH had a fix ready, awesome work and thanks for the quick release!

[-] AlligatorBlizzard@sh.itjust.works 2 points 3 months ago

Is there a way to revert to an old version of the app? This issue is annoying enough for me that I'm now temporarily on Voyager. I don't hate it, but I'd rather be on Jerboa.

[-] dessalines@lemmy.ml 4 points 3 months ago

If you installed through f-droid, you can install older versions.

[-] AlligatorBlizzard@sh.itjust.works 2 points 3 months ago

Okay, thank you.

[-] GolfNovemberUniform@lemmy.ml 0 points 3 months ago

Update plugin com.android.test to v8.5.0 by @renovate in #1561

Was it properly checked for backdoor injections?

[-] Corngood@lemmy.ml 7 points 3 months ago

Is there a reason you're suspicious about that particular dependency, or are you just asking about dependencies in general?

[-] GolfNovemberUniform@lemmy.ml 0 points 3 months ago* (last edited 3 months ago)

I'm worried about that one specifically. Dependencies in general can be suspicious if they come from untrusted sources but in that case it's suspicious by being related to testing (like the xz thing was) that shouldn't even be in a released app anyways.

[-] pingveno@lemmy.ml 3 points 3 months ago

It's not included in the final build artifact. It's a Gradle plugin.

[-] dessalines@lemmy.ml 6 points 3 months ago* (last edited 3 months ago)

What's the context there? We update dependencies very frequently.

[-] GolfNovemberUniform@lemmy.ml -3 points 3 months ago

The context is the name of the dependency and its very questionable purpose.

[-] dessalines@lemmy.ml 7 points 3 months ago

I have no idea what this means. Why is the android testing dependency is less secure than all the other android deps we've updated?

[-] mannycalavera@feddit.uk 4 points 3 months ago

If you have a security concern you should raise this with Google using a minimal working example to demonstrate yourself.

Do you have a genuine concern and can you provide a working example of the attack surface in a repository that you can share?

[-] LarkinDePark@lemmygrad.ml 3 points 3 months ago
[-] GolfNovemberUniform@lemmy.ml -1 points 3 months ago

Check the code for suspicious lines and then check the compiled app for network traffic etc

[-] dessalines@lemmy.ml 2 points 3 months ago* (last edited 3 months ago)

There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don't have time to read through every line of code of every dep update, but here's the source code: https://android.googlesource.com/platform/tools/base

If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.

[-] GolfNovemberUniform@lemmy.ml -2 points 3 months ago

Reading through the code of the dependency is not required. What is required is reading through the merge request to see if the dependency isn't used for malicious or wasteful purposes. Checking on the authenticity of the dependency is a good idea too.

[-] dessalines@lemmy.ml 2 points 3 months ago

Open up an issue for your concerns on the google issue tracker, here it is linked for you: https://android.googlesource.com/platform/tools/base

[-] GolfNovemberUniform@lemmy.ml -2 points 3 months ago

It's not the dependency itself that concerns me. It's the usage of it in the app. As we already know, it's easy to insert trojan code in testing procedures.

this post was submitted on 15 Jul 2024
45 points (100.0% liked)

Jerboa

10290 readers
2 users here now

Jerboa is a native-android client for Lemmy, built using the native android framework, Jetpack Compose.

Warning: You can submit issues, but between Lemmy and lemmy-ui, I probably won't have too much time to work on them. Learn jetpack compose like I did if you want to help make this app better.

Built With

Features

Installation / Releases

Support / Donate

Jerboa is made by Lemmy's developers, and is free, open-source software, meaning no advertising, monetizing, or venture capital, ever. Your donations directly support full-time development of the project.

Crypto

Contact

founded 2 years ago
MODERATORS