• Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    48
    arrow-down
    3
    ·
    1 year ago

    Those are some very strange objections to F-Droid. The outdated signing software on the backend doesn’t really affect the end user, for a start. The signing key problem is also present in Google Play, the only other app store people actually use, and it’s intentional.

    F-Droid builds the sources developers make available, it doesn’t accept a developers 's build with the pinky promise that no malware was added when they compiled there code.

    The loose requirements are a feature, not a bug; things like a low API target level are why Termux still works on F-Droid but not on GPlay. This does pose some privacy risks because of API compatibility stuff, but because of the requirements for an app to be even listed on there, the impact is minimal.

    Should F-Droid improve their technical debt? Definitely. Does any of this pose an actual risk to users? Definitely not.

    • c0mmando@links.hackliberty.org
      link
      fedilink
      arrow-up
      9
      arrow-down
      20
      ·
      1 year ago

      Doesn’t affect the end user… beyond diminished security. Are you implying I should trust Fdroid devs as much as I would trust Google devs?

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        27
        arrow-down
        3
        ·
        1 year ago

        What diminished security, though? “Apps you can install may be evil” is true of any software repository, whether it’s the Microsoft Store or Steam.

        You should trust the devs of anything you install as much as the Google devs. Not just the devs of the app store itself, also the devs behind the apps these stores serve.

        If you don’t trust them, don’t use their product. Not trusting a third party is one of the major reasons F-Droid is even a thing, because Google can’t exactly be trusted to have your best interests in mind with their app store.