Jerboa

10263 readers

1 users here now

Jerboa is a native-android client for Lemmy, built using the native android framework, Jetpack Compose.

Warning: You can submit issues, but between Lemmy and lemmy-ui, I probably won't have too much time to work on them. Learn jetpack compose like I did if you want to help make this app better.

Built With

Features

Open source, AGPL License.

Installation / Releases

Releases

Support / Donate

Jerboa is made by Lemmy's developers, and is free, open-source software, meaning no advertising, monetizing, or venture capital, ever. Your donations directly support full-time development of the project.

Crypto

bitcoin: 1Hefs7miXS5ff5Ck5xvmjKjXf5242KzRtK
ethereum: 0x400c96c96acbC6E7B3B43B1dc1BB446540a88A01
monero: 41taVyY6e1xApqKyMVDRVxJ76sPkfZhALLTjRvVKpaAh2pBd4wv9RgYj1tSPrx8wc6iE1uWUfjtQdTmTy2FGMeChGVKPQuV
cardano: addr1q858t89l2ym6xmrugjs0af9cslfwvnvsh2xxp6x4dcez7pf5tushkp4wl7zxfhm2djp6gq60dk4cmc7seaza5p3slx0sakjutm

Contact

founded 2 years ago

MODERATORS

dessalines@lemmy.ml

Jerboa v0.0.70-alpha Release (github.com)

submitted 1 month ago by dessalines@lemmy.ml to c/jerboa@lemmy.ml

16 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] GolfNovemberUniform@lemmy.ml 1 points 1 month ago (3 children)

Update plugin com.android.test to v8.5.0 by @renovate in #1561

Was it properly checked for backdoor injections?

[–] Corngood@lemmy.ml 6 points 1 month ago (1 children)

Is there a reason you're suspicious about that particular dependency, or are you just asking about dependencies in general?

[–] GolfNovemberUniform@lemmy.ml 1 points 1 month ago* (last edited 1 month ago) (1 children)

I'm worried about that one specifically. Dependencies in general can be suspicious if they come from untrusted sources but in that case it's suspicious by being related to testing (like the xz thing was) that shouldn't even be in a released app anyways.

[–] pingveno@lemmy.ml 2 points 1 month ago

It's not included in the final build artifact. It's a Gradle plugin.

[–] dessalines@lemmy.ml 4 points 1 month ago* (last edited 1 month ago) (1 children)

What's the context there? We update dependencies very frequently.

[–] GolfNovemberUniform@lemmy.ml -1 points 1 month ago (1 children)

The context is the name of the dependency and its very questionable purpose.

[–] dessalines@lemmy.ml 6 points 1 month ago

I have no idea what this means. Why is the android testing dependency is less secure than all the other android deps we've updated?

[–] mannycalavera@feddit.uk 3 points 1 month ago

If you have a security concern you should raise this with Google using a minimal working example to demonstrate yourself.

Do you have a genuine concern and can you provide a working example of the attack surface in a repository that you can share?