Still seeing posts from Lemmy about how @fdroidorg doesn’t have @newpipe in sync.
They have an official repo. That will fix the problem.
Still seeing posts from Lemmy about how @fdroidorg doesn’t have @newpipe in sync.
They have an official repo. That will fix the problem.
Correct me if this is wrong, but from my understanding switching to their repo means no longer being behind F-Droid’s source code match guarantee, or seeing anti-features and all that stuff. Granted, I already gave that up for Bitwarden so I admit it’s a bit hypocritical, but much of the value of a centralized F-Droid is the main repo’s curation process - circumventing it is a workaround, not a solution.
Edit: I also worry about the possibility - however remote - of downloading new apps thinking they’re from the F-Droid repository, when they are in fact from some alternate repository I’m using. I already worry about this with Bitwarden, and each repo I add is another potential vector for this. Perhaps I’m overthinking this, but I’m thinking if too many popular apps make their own F-Droid repos, this might become a real threat.
@NeatNit
The other problem is trusting a centralized service implicitly. That’s how people keep getting their login information exposed from Fakebook.
gotta trust someone at some point
@NeatNit
Yeah, why not make it the people it comes from?
In the general case: because placing all your trust in one place leaves no one else to check their work. You have to place some trust in the app developer (this is always true) but having a middleman can have benefits. For example, if an app starts using proprietary blobs - either deliberately or without realising - then F-Droid’s pipeline and/or maintainers would likely catch it and have it resolved. If there’s no one else to check such nitty-gritty details, that leaves more room for error.
In the specific case of Newpipe: it’s probably fine, but I’d prefer not to make a habit of it.
@NeatNit
Another benefit to having the official repo is that you can toggle it off if Newpipe ever goes down the same path as, say, Simple Mobile Tools (sells to an adtech company).
This is just another benefit of a centralised repo: I can’t keep track of all the news about all the companies whose apps I use. A strong community of repo maintainers will do a much better job of blocking updates or removing apps entirely when they go rogue than each user fending for themselves could ever do.