This isn't a project developed for the public sector really. Afaik it's a privately funded, for profit, product that has been licensed by several states in Germany by now.
Apart from that the official (indeed publicly funded) Corona-Warn-App did a much better job at this. (They actually did follow all the recent best practices in software-develoment + it's (mostly) run as a free software project, taking community contributions seriously, reacting to feedback and issues, etc.)
Have you looked at the beta versions yet? The UI was overhauled over basically the last 1.5 years and the points mentioned in the blog post are the bits missing to release that as a stable version (IMAP IDLE mostly): https://github.com/k9mail/k-9/releases
I've been running the betas since more than a year without any problems whatsoever. (If you don't need push obviously)
Thanks for the tip, the GitHub release makes a real difference compared to the outdated version on the Play Store. It's sad that there is not many reliable email client alternatives to GMail that works with custom server.
> I definitely struggle to understand why IMAP IDLE is critical for a release.
The functionality is present in the latest stable version, but needs to be reimplemented in the new version. As a user I would be upset if the app was updated and that feature taken away, even if it was only temporary.
I am not using the beta version of K-9. I was able to make it work mostly correctly on Android 11 by setting it to "Not Optimized" in the battery power permissions. That will allow it to run in the background. It seems to be able to use IDLE and to also run its periodic polling that way. Otherwise I would open K-9 and it would be hours out of date.
What's a minsdk force? I know what minsdk is but the sentence doesn't compute for me
Edit: oh, randomly spotted this:
> A major factor was the API level requirement by Google Play. It required us to make changes to internals of the app in order to be able to publish updates via the Play Store.
I don't get the problem. Why not do a release? If google doesn't want the hard work and updates yet, fine, you can still tag a new release and people can use f-droid, download the apk, whatever right? (I'm using it via f-droid, thought most people would be doing that since it's an open source client with graphics from the 2009, the kind of thing you only use as foss fan).
Does this also mean older devices are forced into obsolescence? Since this is minsdk and not maxsdk it sounds like it, but there's still many apps that run on my 2018 device with Android 7 (and even 2012 device with 4.4) so that can't really be.
No, they aren't linked. Maybe you are mixing it with compileSdk, that and targetSdk are usually linked but minSdk is almost always considerably behind.
I think where it went wrong here is that when it asked you for your "passphrase" (which is called a recovery key) it's very likely it wanted your login password instead. (Because that is indeed needed to reset the recovery key).
The recovery key (whitespace doesn't matter btw, it's just a 48 char string) is only needed when you logout of all devices and subsequently want to restore your encrypted messages.
Even so, the fact that this could cause such confusion is a valid point, and more care need to be taken to differentiate the purpose and situation for each. It's a software problem, not a user problem.
Of course you might agree with this, and i personally find the key and password management quite problematic after using it with a few non technical people.
They should have taken a page out of Bitcoins/Ethereums book and used mnemoic phrases and clearly labelling them as "Recovery key" with big red bold letters everytime you enter it.
yeah, that would definitely help! I find it sad that so many high profile open source projects lack in UI, even though there's a lot of smart people working on them.
Maybe it's a question about prioritizing time for technical features and downgrading the importance of a good UI and onboarding. Since time is limited, but in the case of matrix, I would say UI is just as important as the technical part. If they get more funding, maybe it will change in the future.
My mail server logs show about 20 failures in all of the last week until yesterday 20:43 CET, then 350 failures between 20:43-00:21, then nothing after that. So fair enough, from the client side rather than the status page it looks like 3.5 hours rather than 2.5.
But still, given that resolution time, the suggested solution of changing the SMTP server is absolutely ludicrous.
> removes one layer of Google code, but keeps building on the Google layers beneath it.
Well, the layers beneath it are AOSP and free software. The situation is certainly not great, with source drops, nonfree firmware blobs, etc. But it is relatively easy to grab an AOSP source-tree for your device, make some changes, rebuild the OS and install this to your phone, given an unlocked/unlockable bootloader. In my opinion this is a highly desirable property of any system I'm using. It also enables things like GrapheneOS and CalyxOS which are Android distributions which focus explicitly on security and privacy.
> Can the Exposure Notification Framework be trusted less than the rest of Android?
ENF is part of Google Play Services and thus proprietary software. It is also a hugely scary and absolutely giant bundle of software you need to keep running in it's entirety, you cannot use just the ENF part. Play services can remotely update any software on your phone, they have also been known to "accidentally" not respect users (location)-tracking opt-out choices. So while I personally don't consider googles ENF implementation problematic (from their docs, the sources are ofc not available) the rest of play services most certainly is.
> Or does this support more hardware?
Apart from the already mentioned gapps free ROMS it supports modern Huawei phones (which also come without gapps). Making it work on Android 5 will probably happen (Google ENF supports Android 6+ afaik)
The package description doesn't do a particularly great job at explaining what this is:
This is the German "Coroana Warn App"[1], the official German contact tracing app but instead of using Google's Exposure Notification Framework (ENF) it relies on the microG implementation of the same API. It can either use a system-level microG implementation or fall back to the bundled implementation running purely as an app without any system permissions.
This makes the app fully free and 100% compatible with the upstream google based version.
Apart from that the official (indeed publicly funded) Corona-Warn-App did a much better job at this. (They actually did follow all the recent best practices in software-develoment + it's (mostly) run as a free software project, taking community contributions seriously, reacting to feedback and issues, etc.)