🩵 A free, open-source app store for developers' releases on GitHub, Codeberg & Forgejo — browse, discover, and install apps with one click. Formerly GitHub Store. - kurikomi-labs/komi-store
Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.
While I understand that less is more mentality here; but Obtainium doesn’t just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.
FDroid’s official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it’s not the default flow. To use a recent example, it’s like comparing the Arch official repos to AUR.
Not that there isn’t value in a tool that can download apps for you from GitHub, but it’s not really fair to compare that to F-Droid. You’re generally safer on F-Droid’s official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.
In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.
What’s wrong with F-droid?
Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.
I don’t see the point then. I can install direct from GitHub if I want that. I don’t want a random intermediary that’s another possible attack vector.
While I understand that less is more mentality here; but Obtainium doesn’t just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.
One could say the same about the FDroid app.
FDroid’s official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it’s not the default flow. To use a recent example, it’s like comparing the Arch official repos to AUR.
Not that there isn’t value in a tool that can download apps for you from GitHub, but it’s not really fair to compare that to F-Droid. You’re generally safer on F-Droid’s official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.
It’s completely fair to compare on the qualities which were specified.
The qualities that were specified were security. Do you plan to actually explain how both FDroid and random GitHub downloads are equally insecure?
The qualities that were specified was the ability to install the apps through the browser without the “attack vector” of an app installer.
In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.