Signal-android: Violation of the conditions of the GPL and the Free Open Source Software definition

Hey @rickbarton , to my knowledge we have not forbidden anything. People have requested that _we_ distribute official binary APKs outside of the Play Store, which we are currently choosing not to do for several reasons (#127, #281). If we can address those issues we would be happy to distribute binary APKs.

However, this does not "forbid" anyone else from doing whatever they please. We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so, but that doesn't prevent you from doing whatever it is you'd like.

If what you'd really like to see is _us_ distributing "official" binary APK builds outside of the Play Store, I think your efforts would be better spent contributing to the development of the missing pieces that would allow us to safely and securely do that than to threaten us with (incorrect) legal action.

@rickbarton you're interpretation of opensource licenses is plainly and completely wrong.

1) There's no way an opensource author is forced to publish his code in any special place. As long as all authors agree, they can even stop publishing it at one point

2) if an author of an opensource app "begs" a publisher/an appstore provider to remove the software, the appstore provider can simply ignore it, because when the software is open source, they can do what they want. so any "forbidding" is simply ineffective, can be ignored

So, fdroid can very well simply continue to build it's own version from the source and publish it, as they have done from the start. But they shall take care to properly update it always and in time, e.g. meintain the package properly, in a way a package maintainer of a linux distribution must act responsibly.

"We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so," - it's kind of a standing principal that a open source user is encouraged to build their own binary from source. That's considered the ideal self-responsible / report odd things netizen way. Of course, many don't do it, but the option being there isn't exactly a minor appeal...

Example: in a world of NSA/KGB/etc acceptance - how can a peace activist assume that Google's cloud hasn't been tampered with - and providing signed copies that are altered in some subtle way? or that the store app has been tampered with in some way / or SSL certs are faked /etc.

Having a source tarball and digest hash of it public on several known websites is kind of a tradition for security sake. Especially with it turns out down the rad someone binds some evidence of tampering and wants to know how long it was in the wild before discovery...

@RoundSparrow It's a completely different thing to use an unofficial build and to compile your own binary.

""We would not recommend that anyone use an unofficial binary build" - language does not encourage you to build your _own_ unofficial binary build. And then you get into the concept of trusted distributors - example Debian, etc. Even Red Hat is compiling and distributing Android apps these days - especially security related. cite: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en

The Google Play store requires an address and payment - so open source can run into paradox of needing a trusted distributor. But all this is expansion from my original point of the language being a oversight to open source tradition of building your own code or community trust.

This isn't a grammar or surface expression issue. It's an ideal. Encouraging users to build from source and having updated instructions on source dependencies and building is encouraged.

P.S. I believe the F-Droid repository doesn't have it - they seem stuck on Google cloud dependencies.