Part of our inclusion process is asking the upstream app dev for permission, and they can specify a different Application ID, for example, f-droid.org/packages/com.c
Conversation
I also agree that there should be less signature conflicts in the Android ecosystem, but I disagree using Google Play is a solution. The complete solution the F-Droid community is providing is #ReproducibleBuilds with developer's own signature.
2
Google Play controls the app signing keys now, so that breaks the real solution of developer controlled keys combined with #ReproducibleBuilds. Amazon does it even worse: they force-resign all APKs that developers upload.
1
But wouldn't it be better to prefix the app ids of non reproducible builds on f-droid with something? That would resolve all problems caused by f-droid at least...
2
Their 'reproducible' builds are broken since they use an outdated build environment and aren't able to keep up with the modern platform. All that will happen is that they're unable to ship updates unless app developers go out of the way to try to keep their broken infra working.
1
1
They already have massive issues keeping up with updates and leave users with broken and insecure apps for long periods of time. Blocking updates based on fixing their poorly maintained infrastructure and debugging future issues with it is only going to make this worse.
1
1
F-Droid has done little to nothing to address blatant security issues with their app / infrastructure / services, the involvement of untrustworthy people with a history of malicious behavior or the problematic mismatch between their approach and the platform's app source model.
1
1
The sooner it's replaced by trustworthy infrastructure and developers, the better. It's a legacy project that has held back the open source Android ecosystem for years and does a massive disservice to it. It has blocked the development of far better systems for distributing apps.
1
1
I agree with most of your posts, but why do you think F-Droid devs are untrustworthy or even malicious?
1
Several of their core developers have been heavily involved in targeting me with libel/bullying/harassment and were involved in organizing multiple raids on our chat rooms and our issue tracker.
would happily sell people out to benefit themselves and likely will.
1
1
I've seen how they've done highly unethical things in order to benefit themselves. They're entirely willing to stab people in the back and sell them out for their own benefit. Not something they're going to stop doing and in the long term people who trust them will regret it.
Can share screenshots and logs showing highly abusive behavior including several of their core developers engaging in long term, vicious bullying targeting me in response to talking about what's wrong with software, along with other long-term malicious and underhanded behavior.
1
1
Show replies