WebClients icon indicating copy to clipboard operation
WebClients copied to clipboard

Published 20 hours ago verified publisher icon ProtonMail

Unavailable releases/branches for reproducible builds

Open scumjr opened this issue 1 year ago • 17 comments

We are happy to answer your questions about the code or discuss technical ideas.

Please complete the following checklist (by adding [x]):

  • [x] I have searched open and closed issues for duplicates
  • [x] This isn't a feature request
  • [x] This is not a report about my app not working as expected

Related issues: #251, #129, #75

Hello,

After some trial and error, I used to successfully build proton-mail and proton-accounts web clients where the resulting files match the one in production on https://mail.proton.me and https://account.proton.me. I especially rely on the /assets/version.json files to retrieve build parameters and git info, however it doesn't work anymore.

At the time of writing, proton-accounts version.json is:

{
  "version": "5.0.63.0",
  "commit": "b3c54c5672aeaa370ca63eee18e920ee9ffcbe19",
  "branch": "[email protected]",
  "date": "Thu, 26 Oct 2023 21:57:40 GMT",
  "mode": "sso"
}

However, there are:

I encounter the same issue for [email protected]. In consequence, I fail at making Proton WebClients build reproducibly now.

Is there any reason why the public source code lags behind production releases? Issue #129 is related and marked as completed, but @vladimiry suggestions are still relevant IMHO.

For the context, I developed a (private) extension similar to Meta Code Verify for Proton, however it's useless without reproducible builds.

Thanks!

scumjr avatar Oct 31 '23 13:10 scumjr

Can confirm the issue. Practice of not publishing sources of deployed version is back. So the source publishing process doesn't seem to be automated. I hope @mmso or someone on the team could shed some light on the issue.

vladimiry avatar Nov 08 '23 21:11 vladimiry

ping

vladimiry avatar Apr 22 '24 22:04 vladimiry

Hi @bartbutler, it's been 3+ weeks since the project code/tags updates stopped to happen, but proton.me keeps getting regular updates. Can you or someone shed some light on the issue?

vladimiry avatar May 06 '24 05:05 vladimiry

Sorry, it'll return soon, there's a product reason for the delay.

bartbutler avatar May 06 '24 08:05 bartbutler

This seems to be a practice that runs counter to the ethos of open source code. Not being able to view the code you are encouraging people to install isn't what I'd call "open." What is the reason for refusing to publish what should be open code?

Additionally, the official Proton account on reddit has been promising to publish the source code for Proton Calendar since at least 2022 from what I was able to see.

GlytchMeister avatar Jun 08 '24 09:06 GlytchMeister