Package Details: spotify

Git Clone URL: (read-only)
Package Base: spotify
Description: A proprietary music streaming service
Upstream URL:
Licenses: custom:"Copyright (c) 2006-2010 Spotify Ltd"
Submitter: gadget3000
Maintainer: AWhetter
Last Packager: AWhetter
Votes: 970
Popularity: 30.506055
First Submitted: 2010-07-12 12:17
Last Updated: 2016-09-22 04:17

Latest Comments

lostkhaos commented on 2016-10-21 14:23

Do we not want to strip the binaries? I noticed in particular is awfully large.

Midnightfox commented on 2016-09-19 19:12

Could you please remove the KDE support part? This makes the content of the package dependent on the system it was built on. If you want a kde supported version you should consider creating spotify-kde for example.

jar3k commented on 2016-09-19 12:50

@felipec I also had the same issue, but I've found solution. Just set track_notifications_enabled as false like is described here:

barakisbrown commented on 2016-09-14 15:27

Just installed it. No UI issues whatsoever.

felipec commented on 2016-09-13 07:49

Anybody is having UI issues? Any operation like seeking, or changing the song, results in a huge lag. After several seconds the action seems to take place.

Vanpra commented on 2016-09-11 16:32

@NicoHood Thanks for the information, I have now updated the package to use SHA512 checksums.

NicoHood commented on 2016-09-10 14:52

@Creimer I thought that too first. However you can always have a man in the middle. There are different options for this:

* A local hacker in your lan (even friends) (dns/normal http spoofing)
* Your router got hacked (extern/local via wlan) (dns)
* Your provider got hacked (dns)
* Spotify servers get hacked (different binaries)
* As a special note: the download uses http, with https it would be a bit less problem

In all those cases you will get a different file. To verify its integrity you need a good hash algorithm. And that's why md5 or sha1 is not good enough if you ask me. Another point is, that spotify provides sha512sums. So its not even a big deal to use them.

CReimer commented on 2016-09-10 12:35

It's totally irrelevant which checksum is used. We're downloading directly from What should go wrong?

Checksums are not there for security reasons. They are there to check if something happend while downloading. And IMO for that purpose even MD5 is good enough.

NicoHood commented on 2016-09-10 12:26

@Vanpra Thanks you for updating. However sha1 is not really better than md5. sha256 or even better sha512 gives the most security.

Vanpra commented on 2016-09-10 12:05

I have updated the package to use SHA1 instead of md5. For anyone who wants the updated package you can find it here:

All comments