
The obvious question: There's F-droid, why use this instead?


See this issue talking about WireGuard and F-Droid. https://gitlab.com/fdroid/fdroiddata/-/issues/3110

OpenAPK here seems to be linking directly to official binary downloads, whereas F-Droid insists on building the APKs for the apps.


> F-Droid insists on building the APKs for the apps.

You could say that OpenAPK blindly redistributes whatever APK upstream is peddling whereas F-Droid builds from source. I see the merits of both systems but prefer reproducible builds so that we can have the best of both worlds.


It's a reason why I don't really trust signal. They don't want to be recompiled by 3rd party. You must either trust them (or the app stores, which isn't better) or go through the hassle of figuring out how to build it yourself.


It's fairly reasonable to discourage people from using random third-party compiled signal variants though. If you can't figure out building it yourself, using the official one will probably be safer.


If they had proper reproducible builds it wouldn't be an issue… Also, why do you think fdroid is more likely to backdoor it than they are themselves?

With fdroid I trust 1 party, by downloading random binaries I have to trust hundreds.



Except it's out of date…


> using the official one will probably be safer.

Why? The official one can be backdoored and with a gag order you would never hear about it


Not trusting signal's build and building it yourself is a reasonable thing to do.

Not trusting signal's build and then turning around and trusting some third party build seems strange. The official build probably has more eyes on it, and signal has more reputation to lose.


You don't need to run the binaries at all if you don't want, you can just get the standard VPN configs and use your OS's network stack. You won't get all the fancy features, but otherwise it works fine.


Uh?


Good question.

I'd start here if I were you: https://protonvpn.com/support/wireguard-configurations


The context was Signal


Oof. Thanks, I must have been switching tabs too quickly.


Maybe it's just me but I'm kinda struggling to see much merit in blind distribution.


Shizuku's license disallows 3rd party recompilation of the APK, fork or not. Presumably this is done to provide an option to legally take down a fake Shizuku which could contain a backdoor. (The original APK is redistributable.) Hence Shizuku is not on F-Droid.

F-Droid, however, allows the developer's binary to be reproduced if they have tested that the APK is reproducible when replacing the APK's signature with the original APK.


It allows recompilation, just not using the official logo. Similar to Firefox in Debian kind of issue.

Reproducible builds would allow distributing Shizuku in F-Droid, that’s correct. (If Shizuku banned third party builds by the means of code license, it would not be FOSS and thus wouldn’t be eligible for inclusion in F-Droid altogether.)


Well, for starters it is just a whole lot less work and money to distribute and maintain binaries up from the distributors' side, for the developers it comes down to a lower barrier of entry to not have to adjust their workflow to whatever x platform may demand for building on their servers and in the end that gives the users more choices to work with. Of course, this is all in a perfect world where the chain of trust isn't broken so easily, which isn't an easy feat but given platforms like Windows thrive in spite of it, it is probably not as bad as many people may think.

All of that said, not particularly speaking for OpenAPK here, given their motives seem rather unclear to me. If I am to be charitable, I guess they're just trying to provide a different platform than F-Droid for discoverability, but for whatever reason they seem to be marketing the distribution side of things more, which is just odd to me, but alas.


> given platforms like Windows thrive in spite of it, it is probably not as bad as many people may think.

There is a lot of extra work done behind the scenes to "thrive in spite of it". Windows Defender (built into Windows after XP) has to periodically download updated virus definitions and always scans programs for potential malware, and still can't catch them all.


F-Droid can also redistribute the signed upstream APK. The requirement for that is that the build is reproducible.

This is the best of both worlds because the distributor (F-Droid) verifies that the published source matches the binary but does not possess the private key to sign the APK. This means the distributor cannot push a backdoored binary blob at some later date.


> OpenAPK here seems to be linking directly to official binary downloads, whereas F-Droid insists on building the APKs for the apps.

F-Droid guarantees that the binaries it distributes always match the corresponding source, which adds another layer of security.

To ensure transparency, it also provides an archive of the source code used to compile different versions.


After reading the issue you linked I came away very strongly in favor of continuing to use F-Droid. Why would I want to switch to an alternative distributor whose policies would permit the WireGuard devs' "I don't want to provide a clear explanation to end users" antics? (Of course I happen to trust the WireGuard maintainer, but individual cases should generally be irrelevant when setting policy.)

I am impressed to see the F-Droid maintainers sticking to their principles.


As others have said, it does not update automatically, you have to do that yourself.


I haven’t taken more than a glance at the linked site so I don’t know if it’s better in this way, but I’ve always found F-droid difficult to navigate. It’s got a lot of junk, too. The bulk of its utility for me has been for installing apps that I’ve become aware of elsewhere.


I frequently learn of useful apps through its updated/new section that you see when opening the app. Back in the day when it didn't have this I used to scroll through all the categories - the catalogue was small enough to do this.

I wish the updated/new section would filter "update spam" better, but right now it works for app discovery, without requiring f-droid to collect usage data. The search function sorting by "recently updated" also helped a lot in finding well supported apps.

There's a lot of room for improvement of the search function though.


There are alternative clients to F-Droid. Personally I use Droid-ify, which works quite well.


I switched to Droid-ify a long time ago, too, so I second it.


It's got a Search section for looking up new apps, and an Updates section for maintaining already installed ones. There's nothing else I need nor want from an "appstore".

The only gripe I have is that screenshots on individual apps pages can sometimes be slow to download, but that gripe is so small I'm looking at it through a microscope. :)


See also, this large external repo for fdroid: https://apt.izzysoft.de/fdroid/



