It's frankly embarrassing how many of the comments on this thread are some version of looking at the XKCD "dependency" meme and deciding the best course of action is to throw spitballs at the maintainers of the critical project holding everything else up.

▲

charcircuit 10 hours ago | parent | next [-]

F Droid is no where near being a critical project holding Android up. The Play Store, and the Play Services themselves are much more critical. Being open source doesn't make you immune from criticism for not following industry standards or being called out for poor security.

▲

drnick1 9 hours ago | parent | next [-]

> The Play Store, and the Play Services themselves are much more critical.

Critical for serving malware and spyware to the masses, yes. GrapheneOS is based on Android and is far better than a Googled Android variant precisely because it is free of Google junk and OEM crapware.

	▲	charcircuit 3 hours ago \| parent [-]
		The internet itself is also critical for serving malware and spyware, but that doesn't mean that the internet is garbage. Google invests much more into removing malicous apps from the app store than fdroid does.

▲

lucb1e 9 hours ago | parent | prev [-]

If you have nothing to install on your device, what's the point of being able to? For me, f-droid is a cornerstone in the android ecosystem. I could source apks elsewhere but it would be much more of a hassle and not necessarily have automatic updates. iOS would become a lot more attractive to me if Android didn't have the ecosystem that's centered around the open apps that you can find on f-droid

	▲	charcircuit 3 hours ago \| parent [-]
		>If you have nothing to install on your device >I could source apks elsewhere Do you or do you not have apps you want to install?

▲

wtallis 12 hours ago | parent | prev | next [-]

At the very least, it's reasonable to expect the maintainers of such a project to be open about their situation when it's that precarious. Why wouldn't you take every opportunity to let your users and downstream projects know that the dependency you're providing is operating with no redundancy and barely enough resources to carry on when things aren't breaking? Why wouldn't they want to share with a highly technical audience any details about how their infrastructure operates?

▲

tcfhgj 12 hours ago | parent [-]

> when it's that precarious

assumptions

	▲	wtallis 12 hours ago \| parent [-]
		They're building all the software on a single server, and at best their fallback is a 12 year old server they might be able to put back in production. I'm not making any unreasonable assumptions, and they're not being forthcoming with any reassuring details.

▲

stefan_ 9 hours ago | parent | prev [-]

I think both of those POVs are wrong. The whole thing about F-Droid is that they have worked hard on not being a central point of trust and failure. The apps in their store are all in a repo (https://gitlab.com/fdroid/fdroiddata) and they are reproducibly built from source. You could replicate it with not too much effort, and clients just need to add the new repository.