[Android-tools-devel] non-free binary packages and Chinese mirrors
Hans-Christoph Steiner
hans at at.or.at
Sun Dec 6 13:45:56 UTC 2015
The chances of an XCodeGhost happening to Android developers are high,
since the Android SDK is also commonly downloaded through random
mirrors. I added a test of a quick idea to make the
google-android-sdk-docs-installer package download from Chinese mirrors
if the Google mirror is not available:
https://anonscm.debian.org/cgit/android-tools/google-android-sdk-docs-installer.git/commit/?id=5804b62744f2571f85a3d368f3b8fe6800ef49f0
We could easily add such downloader packages for Google's Android SDK
binaries to quickly address the security issue here. But my concern is
that it would distract us and take development time away from the more
important task of getting the Android SDK in Debian by default.
.hc
More information about the Android-tools-devel
mailing list