mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-20 13:50:12 +01:00
3011953d0e
pickle can serialize executable code, while JSON is only ever pure data. The APK cache is only ever pure data, so no need for the security risks of pickle. For example, if some malicious thing gets write access on the `fdroid update` machine, it can write out a custom tmp/apkcache which would then be executed. That is not possible with JSON. This does just ignore any existing cache and rebuilds from scratch. That is so we don't need to maintain pickle anywhere, and to ensure there are no glitches from a conversion from pickle to JSON. closes #163 |
||
|---|---|---|
| .. | ||
| obb.mainpatch.current/en-US | ||
| org.videolan.vlc/en-US | ||
| categories.txt | ||
| com.politedroid_3.apk | ||
| com.politedroid_4.apk | ||
| com.politedroid_5.apk | ||
| com.politedroid_6.apk | ||
| duplicate.permisssions_9999999.apk | ||
| fake.ota.update_1234.zip | ||
| index-v1.json | ||
| index.xml | ||
| info.zwanenburg.caffeinetile_4.apk | ||
| main.1619.obb.mainpatch.current.obb | ||
| main.1101613.obb.main.twoversions.obb | ||
| main.1101615.obb.main.twoversions.obb | ||
| main.1434483388.obb.main.oldversion.obb | ||
| obb.main.oldversion_1444412523.apk | ||
| obb.main.twoversions_1101613.apk | ||
| obb.main.twoversions_1101615.apk | ||
| obb.main.twoversions_1101617_src.tar.gz | ||
| obb.main.twoversions_1101617.apk | ||
| obb.mainpatch.current_1619_another-release-key.apk | ||
| obb.mainpatch.current_1619.apk | ||
| patch.1619.obb.mainpatch.current.obb | ||
| souch.smsbypass_9.apk | ||
| urzip-; Рахма́, [rɐxˈmanʲɪnəf] سيرجي_رخمانينوف 谢·.apk | ||