Qtox: TODO for v1.17

going to tag on one more item:

• [x] Create a profile on with an older sqlcipher, save some data in it, then try opening the profile with sqlcipher v4.3.0.

We've had a case of us accidentally breaking backwards compatibility, so we should double check than qTox will continue to work with older profiles and that our db migration code is working.

This was an issue tracked by https://github.com/qTox/qTox/issues/5952 and is fixed by https://github.com/qTox/qTox/pull/6084

• [x] update bootstrap nodes list

re: Windows dependencies, in #6023 looks like the only Windows dependency updated was Toxcore. The rest of the dependencies should be checked as well. I noticed this after when openssl's version was out of date, which I fixed in https://github.com/qTox/qTox/pull/6071. I'll uncheck that so that we can take another look at the rest of the dependencies.

Ok, seems I forgot about windows. Btw, I have a windows 10 setup now accessible, I'll start testing the windows builds soon.

sqlcipher tests should be complete now, windows dependencies too.

Tested Windows x86 and x64 and AppImage, which I've checked off in the list:
1) loading encrypted profile
1) creating new profile
1) adding friend
1) sending offline messages
1) making a call
1) make a video call
1) audio input/output in a call

@sudden6 is checking whether some of our artifacts are binary reproducible, now that qTox is itself within a specific environment. AFAIK that's still underway, but the results so far have been that they're not.

Perhaps we should start signing our release binaries, even if they aren't binary reproducible, just as a "this is the release from us" rather than "we can absolutely guarantee the contents of this binary". Assuming we make that distinction clear, thoughts on that?

Test Flatpak, with the same 7 points as above. Found a few issues:

1. Once when leaving the video call, qTox froze while clicking the leave call button, and crashed. The peer saw us timeout of the call. This wasn't reproducible.
2. qTox couldn't see my desktop or my webcam under "Video device". This may be a duplicate of #6059, though that doesn't have much info.
3. The icon doesn't switch to showing status after opening the profile, instead stays as the generic Tox logo.

I don't think any of these are worth holding the release over, but #6059 may be low hanging fruit. Perhaps we're just missing a video permission in the flatpak config or something.

Perhaps we should start signing our release binaries, even if they aren't binary reproducible, just as a "this is the release from us" rather than "we can absolutely guarantee the contents of this binary". Assuming we make that distinction clear, thoughts on that?

Am but a user, but if you ask me, I believe it'd be better than nothing (assuming the distinction is made clear). Though, personally, I prefer checksums.

Good to hear. Checksums will be available for all provided binaries with this release as well. Though in the case of both the binary and the checksum being provided by a third party, it doesn't provide any benefit unlike a signature.

re: blog.tox.chat, it looks like there haven't been client release announcements there in the past, but a qtox.github.io blogpost is ready. That's the last thing on our list :o

Release is out