On the importance of F-Droid, an Android app store (rocket9labs.com)

submitted 2 days ago by trevor@lemmy.ml to c/opensource@lemmy.ml

14 comments fedilink hide all child comments

top 14 comments

sorted by: hot top controversial new old

[-] beyond@linkage.ds8.zone 35 points 2 days ago* (last edited 2 days ago)

I'll be "that guy":

F-Droid is a software repository, not an app store. The distinction is subtle but important. A software repository offers a community-curated collection of software packages whereas an app store is just a marketplace for software developers to offer products to end-users. A software repository serves the interests of its community first, whereas an app store is merely a means for developers to sell products to end-users.

[-] trevor@lemmy.ml 3 points 2 days ago

F-Droid is more of a marketplace for software developers than it is a set of community curated apps. The requirement for F-Droid software to be open source is just a guideline/rule like the minimum target API level on the Google Play Store. F-Droid is a neutral platform in my observations over the couple of years I have published there, and does not curate its content.

[-] chebra@mstdn.io 16 points 2 days ago

@trevor What are you talking about? If they can't build it themselves without proprietary stuff, then it doesn't get published. That's not a mere "guideline".

[-] trevor@lemmy.ml -1 points 2 days ago

If your app doesn't meet the target minimum API level on the Google Play Store, then it doesn't get published. It's just as much of a guideline, so I don't think this is really relevant to the point of the article.

[-] chebra@mstdn.io 6 points 2 days ago

@trevor People in lemmy open-source community not seeing the relevancy of the open-source guarantee of F-Droid... SMH

[-] GolfNovemberUniform@lemmy.ml 9 points 2 days ago

Oh man I see so much criticism of F-Droid's policies incoming...

[-] pavokk@lemmy.dbzer0.com 7 points 2 days ago

Is there anything controversial about them?

[-] beyond@linkage.ds8.zone 14 points 2 days ago

There are those who believe that F-Droid's role as a "middle man" vetting and building packages from source instead of blindly shipping builds provided by upstream makes it a security risk, because you're trusting F-Droid in addition to (some say instead of) the upstream developer. Perhaps telling is that none of these critics can offer an alternative solution.

Before anyone mentions Obtainium and Accrescent, these are not alternatives to F-Droid, they solve completely different problems.

[-] floofloof@lemmy.ca 18 points 2 days ago* (last edited 2 days ago)

It would be a single point of failure for many apps in case the curators of F-Droid were dishonest or hacked. They could insert bad things into lots of packages without having to change the public source code. But it also becomes the only point where malware or backdoors could be inserted that way, instead of having to trust every single developer to build honestly off the source code, which we'd have to do if they just stuck prebuilt binaries up there. I don't know how rational I'm being, but it makes me trust F-Droid apps more that they build each one themselves.

[-] Swedneck@discuss.tchncs.de 5 points 1 day ago

also worth pointing out that fdroid supports reproducible builds, which helps quite a bit with being trustable.

[-] stationary_melon@lemmy.ml 6 points 2 days ago

I personally like F-Droid's vetting process. It's true that updates always arrive a few days later, but you can be sure they don't contain any malicious code. Furthermore, they specify all of the antifeatures a program has, which makes it easier to avoid them. If you want faster updates, you can always download a program through Obtanium.

[-] trevor@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

I am not an F-Droid maintainer, but as far as I know the code is not vetted by F-Droid after the initial app submission process. Updates are pulled in, built and distributed automatically. The long delay is just because there are a lot of apps to build, and F-Droid is a volunteer-run operation.

[-] stationary_melon@lemmy.ml 4 points 2 days ago* (last edited 2 days ago)

I had no idea. Thanks for telling me! In that case, im going to try to use the ones from IzzyOnDroid if avaliable

Edit: According to their docs, they do take some special security measures and I couldn't find a case of an app offered on FDroid which had malware.

[-] GolfNovemberUniform@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

For those who don't like them, yes.

this post was submitted on 01 Oct 2024

88 points (97.8% liked)

Open Source

30500 readers

461 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml