🩵 A free, open-source app store for developers' releases on GitHub, Codeberg & Forgejo — browse, discover, and install apps with one click. Formerly GitHub Store. - kurikomi-labs/komi-store
While I understand that less is more mentality here; but Obtainium doesn’t just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.
FDroid’s official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it’s not the default flow. To use a recent example, it’s like comparing the Arch official repos to AUR.
Not that there isn’t value in a tool that can download apps for you from GitHub, but it’s not really fair to compare that to F-Droid. You’re generally safer on F-Droid’s official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.
In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.
If you have tunnel vision, then sure. In fact, it’s just as comparable as downloading from realappmirror.ru where you have the same number of intermediaries.
I don’t see the point then. I can install direct from GitHub if I want that. I don’t want a random intermediary that’s another possible attack vector.
While I understand that less is more mentality here; but Obtainium doesn’t just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.
One could say the same about the FDroid app.
FDroid’s official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it’s not the default flow. To use a recent example, it’s like comparing the Arch official repos to AUR.
Not that there isn’t value in a tool that can download apps for you from GitHub, but it’s not really fair to compare that to F-Droid. You’re generally safer on F-Droid’s official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.
It’s completely fair to compare on the qualities which were specified.
The qualities that were specified were security. Do you plan to actually explain how both FDroid and random GitHub downloads are equally insecure?
The qualities that were specified was the ability to install the apps through the browser without the “attack vector” of an app installer.
In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.
So you agree that they’re comparable?
If you have tunnel vision, then sure. In fact, it’s just as comparable as downloading from
realappmirror.ruwhere you have the same number of intermediaries.