Remember people, if newpipe give error when try to play a video, just turn your phone horizontally and vertically until the error leave. Is really easy
Remember people, if newpipe give error when try to play a video, just turn your phone horizontally and vertically until the error leave. Is really easy
add this repo ☞ https://archive.newpipe.net/fdroid/repo
Even with that repo it doesn’t come up. Not sure how long it takes for it to appear, GitHub is showing the release was tagged about three hours ago as of this writing.
it’s on there. did you sync/refresh after adding the repo?Not OP, but can also confirm it’s not there.
My current version is
Version 0.27.4 org.schabi.newpipe
Rotating does nothing
i’m on droidify, started using obtainium for newpipe after the last “google breaks newpipe” (because it takes repositories some time to add the new updates)
than what i see in there is my obtainium update (?)
I stay well clear of obtanium. Github releases are not the source-reproducible binaries they sometimes pretend to be. There’s no QC whatsoever.
I’ll stick with the F-droid vetting. It’s not perfect, but it’s enough
Conversely I stay clear of F-Droid as they build and sign packages on behalf of the original developers, adding yet another point of injection for malicious code or supply chain attacks.
I hear you, but they have to to sign the packages because android builds are not reproducible. Yeah it’s an extra notch in the chain, but it’s an extra check against bad binaries too
Care to elaborate? I do not fully understand the meaning of your claim :/. I use Obtainium for everything and haven’t had any issues until now.
Still curious from your perspective the meaning of what you said.
not the best resource, but:
From what I understand, F-droid regularly audits a few new apps for malicious code, and always makes sure that the source built the binary.
With Github releases, maybe some of these binaries are generated by CI, but I’m betting more that they’re generated locally in dev and then uploaded to Github as direct releases. That is, the source you see on a repo on Github is not neccesarily the same source used to generate their binaries.
To me that’s a wide angle of attack, and that’s why I stick with F-droid, even if it’s minimal checking.
That’s a good point, but how can a malicious code be add to a source code from github? I mean if you only use trusted applications repos (most of them are already on f-droid anyway) there shouldn’t be any concern right?
But reading from the link you posted there’s some chance of a MITM attack and send a malicious payload directly to Obtainium? (Correct me if I’m wrong).
Didn’t knew that :/
Thanks for sharing your knowledge !