F-Droid

8002 readers

42 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago

MODERATORS

fossdd@lemmy.ml

testman@lemmy.ml

110

F-droid is working on locking down (f-droid.org)

submitted 1 year ago by possiblylinux127@lemmy.zip to c/fdroid@lemmy.ml

9 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] incogtino@lemmy.zip 3 points 1 year ago (1 children)

Yes, that video is primarily complaining about F-Droid self-signing, and that it creates: a requirement to trust them; a single point of failure for security; and slows updates

The trade off is that developers must maintain their key, if they lose it the user must uninstall and reinstall the app, as Android will not trust an update signed with a different key

[–] Nakres@lemmy.one 2 points 1 year ago (1 children)

What alternative does the video promote? Trusting Google and the Playstore? Trusting each dev of every app to deliver apks which match the code? I don't want to give the video more clicks if it's scaring away people from F-droid towards worse alternatives.

[–] incogtino@lemmy.zip 1 points 1 year ago (1 children)

No need to click, it complains about exactly what has now been changed. In essence you are always trusting the dev, why add other parties to that chain

[–] Nakres@lemmy.one 1 points 1 year ago

Wrong, if you are using F-droid, you aren't trusting the dev, you are trusting F-droid and the source code, the dev CAN NOT give you an app that doesn't match the code, and the code can be seen and reviewed by anyone.