Still seeing posts from Lemmy about how @fdroidorg doesn’t have @newpipe in sync.

They have an official repo. That will fix the problem.

  • NeatNit@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    10 months ago

    They have an official repo. That will fix the problem.

    Correct me if this is wrong, but from my understanding switching to their repo means no longer being behind F-Droid’s source code match guarantee, or seeing anti-features and all that stuff. Granted, I already gave that up for Bitwarden so I admit it’s a bit hypocritical, but much of the value of a centralized F-Droid is the main repo’s curation process - circumventing it is a workaround, not a solution.

    Edit: I also worry about the possibility - however remote - of downloading new apps thinking they’re from the F-Droid repository, when they are in fact from some alternate repository I’m using. I already worry about this with Bitwarden, and each repo I add is another potential vector for this. Perhaps I’m overthinking this, but I’m thinking if too many popular apps make their own F-Droid repos, this might become a real threat.

          • NeatNit@discuss.tchncs.de
            link
            fedilink
            arrow-up
            1
            ·
            10 months ago

            In the general case: because placing all your trust in one place leaves no one else to check their work. You have to place some trust in the app developer (this is always true) but having a middleman can have benefits. For example, if an app starts using proprietary blobs - either deliberately or without realising - then F-Droid’s pipeline and/or maintainers would likely catch it and have it resolved. If there’s no one else to check such nitty-gritty details, that leaves more room for error.

            In the specific case of Newpipe: it’s probably fine, but I’d prefer not to make a habit of it.

              • NeatNit@discuss.tchncs.de
                link
                fedilink
                arrow-up
                1
                ·
                10 months ago

                This is just another benefit of a centralised repo: I can’t keep track of all the news about all the companies whose apps I use. A strong community of repo maintainers will do a much better job of blocking updates or removing apps entirely when they go rogue than each user fending for themselves could ever do.