As is explained in the article, a package rebuilt by the user will not be signed with the same digital key as the original play store distributed package. Due to the isolation of packages by android, this user built package will not have access the same areas on the file system as the original package. Therefore it is not a replacement and the conditions of the LGPL have not been fulfilled. In contrast a deb built by a user does not have these restrictions.
The only way I see this working is by skipping play store altogether and only distribute object files and instructions for the end users how to build a package on their own. That unfortunately prevents most people's grandmothers from using the application.
But then again, IANAL.
Regards,
Dov
On Tue, Jul 26, 2016 at 3:32 AM, Daniel Espinosa <esodan@xxxxxxxxx> wrote:
While this article digital signature is the issue, but if you create your own apk file and install in your phone, or any one do the same, with out using Play Store at all what is the difference if you create your own deb package and install in your system or any other use it at his own risk, with out use any Debian official repository?
In order to fulfill LGPL, you should provide a way for your users to download object files and by themselves links and package it with their own version of GLib.
_______________________________________________ gtk-list mailing list gtk-list@xxxxxxxxx https://mail.gnome.org/mailman/listinfo/gtk-list
