I came up with the idea to add more because Infinity for Lemmy/Eternity points to a different source than the official F-Droid sources.

  • QuazarOmegaA
    1 year ago

    Just a note that I think is rather important from both a security and privacy perspective: until F-Droid is the only one that requires reproducible builds, the value in the other repositories is just being able to get apps that haven’t landed on F-Droid proper yet.

    I was bitten in the back in the past by a not fully open source app that went on Izzy’s repo and contained malware (that wasn’t the open source part 🫠). It was pulled off later, but unfortunately the F-Droid software doesn’t account for marking as dangerous an app that is removed from the database altogether, so as a user you’d just have to figure out yourself what the heck has happened if an app suddenly disappears. Now, that specifically applies to generalist repos; when you use the official repo of an app, it’s just that they could act shadily themselves, and either way you could use Obtainium at that point.