It wants me to uninstall and reinstall since the signature of different, which makes sense as it from a different source, but it doesn’t mention anything in the changelog.

  • @chris2112
    link
    51 year ago

    Interesting, I was not aware of that. sounds like a security risk, as you don’t know who actually published it, but I guess since its open source that doesn’t really matter as much

    • @[email protected]
      link
      fedilink
      101 year ago

      It’s actually the opposite, an evil developer could upload in GitHub an apk with malware not included in the source, while fdroid guarantees that it matches with the source published

    • @[email protected]
      link
      fedilink
      81 year ago

      You know who published it. It’s the fdroid devs. Fdroid follows very much the old Linux repository philophosy where the owner of the repo acts as a middleman, providing the central layer of trust. You don’t have to trust the developers because the distributor has done their due diligence and checked it. That’s why fdroid takes a couple of days to push updates. They are doing some basic quality control first.

      This model made a lot of sense in the world of traditional Linux packaging, where every obscure distribution has their own package format and developers couldn’t possibly be expected to support all of these. It makes less sense on Android (or in a word where flatpak exists for that matter).

      • @[email protected]
        link
        fedilink
        2
        edit-2
        1 year ago

        It makes less sense on Android

        Quite the opposite. From the user perspective, it’s much easier to trust the repository than trusting every single developer not losing their password. In case of OSS it also ensures reproducible builds.

    • Ɀeus
      link
      11 year ago

      i believe it’s to make sure that the source code actually builds to the promised app, which i guess you could check yourself but fdroid makes it easier