Do our Android recommendations have to be in the official F-Droid repository? #1201

New Issue

2019-08-22T21:43:06Z

Mikaela commented

2019-08-22 21:43:06 +00:00

(Migrated from github.com)

This concern was rised in #1132 where I commented:

I can understand the desire of having app in the official F-Droid repository as it helps with discoverability and is a confirmation that the app fulfils their recommendations, but I think decentralization is also worth thinking about and that it's not desirable for everything to be centralized only on the official F-Droid repo.

This issue also affects #1187 (& #1200) which aren't in the official F-Droid repository, but has its own repository. I think we also list Bitwarden that is in the same situation.

See also: #338.

This concern was rised in #1132 where I commented: > I can understand the desire of having app in the official F-Droid repository as it helps with discoverability and is a confirmation that the app fulfils their recommendations, but I think decentralization is also worth thinking about and that it's not desirable for everything to be centralized only on the official F-Droid repo. This issue also affects #1187 (& #1200) which aren't in the official F-Droid repository, but has its own repository. I think we also list Bitwarden that is in the same situation. See also: #338.

blacklight447 commented

2019-08-22 23:07:56 +00:00

(Migrated from github.com)

First of all, we would need to decide whether this only cover the official f-droid repo, or being installable from any fdroid all repo.

In any case though, while I would see being on fdroid is a big bonus, I would not make it a requirement, as it would have the potentional to exclude some really good apps just for not being on fdroid.

First of all, we would need to decide whether this only cover the official f-droid repo, or being installable from any fdroid all repo. In any case though, while I would see being on fdroid is a big bonus, I would not make it a requirement, as it would have the potentional to exclude some really good apps just for not being on fdroid.

👍 3 ❤️ 1

Mikaela commented

2019-11-24 08:38:08 +00:00

(Migrated from github.com)

Judging by the three 👍 to the previous comment, I guess our policy which just needs committing, is:

The app doesn't need to be in the official f-droid repo, but it's a plus.

@privacytoolsIO/editorial further thoughts?

Judging by the three :+1: to the previous comment, I guess our policy which just needs committing, is: > The app doesn't need to be in the official f-droid repo, but it's a plus. @privacytoolsIO/editorial further thoughts?

dngray commented

2019-12-02 01:24:59 +00:00

(Migrated from github.com)

F-Droid is a distribution mechanism.

thinking about and that it's not desirable for everything to be centralized only on the official F-Droid repo.

Technically it isn't centralized. There are f-droid mirrors.

The advantage of being in the official F-droid repository is that it must be open source and able to be built from that source. In addition to that there is some tracking on anti-features, which may not be the case in a third party repository.

Then there is the reproducible builds initiative. It is more desirable for the software to be in F-Droid and reproducible than in a third party repository and not be reproducible. You can see the recent builds from their wiki.

Also note that with Google Play, Google can push updates to you, whenever they want. Could select targets get a certain update that nobody else gets? Sure, you've got a set of login credentials attached to that software distribution center.

F-Droid is a distribution mechanism. > thinking about and that it's not desirable for everything to be centralized only on the official F-Droid repo. Technically it isn't centralized. There are f-droid mirrors. The advantage of being in the official F-droid repository is that it must be open source and able to be built from that source. In addition to that there is some tracking on anti-features, which may not be the case in a third party repository. Then there is the [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html) initiative. It is more desirable for the software to be in F-Droid and reproducible than in a third party repository and not be reproducible. You can see the [recent builds from their wiki](https://f-droid.org/wiki/page/Main_Page). - https://f-droid.org/en/docs/Build_Server_Setup/ - https://en.wikipedia.org/wiki/Deterministic_compilation - https://reproducible-builds.org/ Also note that with Google Play, [Google can push updates to you](https://drewdevault.com/2018/08/08/Signal.html), whenever they want. Could select targets get a certain update that nobody else gets? Sure, you've got a set of login credentials attached to that software distribution center.

This repo is archived. You cannot comment on issues.