The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
Well, it’s fun that they mention F-Droid, because the maintainers are bullies who bully their contributors and generally act very unpleasant. They like to make new rules on the spot.
I abandoned using the project altogether, not someone I want to support.
And personally, I prefer good reasoning over good rules. If something comes up that is a bad idea but there’s no existing rule against it, the rules should be changed to address it. As long as the reasoning is sound, I think it’s a good thing, especially when we’re talking about something like a software distribution platform as opposed to say laws that determine freedom or imprisonment.
If you really want to have it available on F-Droid, you can always put it in a separate repository. So I can see it being annoying that they reject it from their repo, but there’s still a reasonable path forward.
Seems to me like they’ve done a pretty good job keeping their store free of malicious apps, I’ve never heard of any breaches like I have of every other store including Snap and Flatpak.
Maybe they’re pissing some people off in the process, but maybe it’s the right people to piss off. They’ve been able to hold it together in the FOSS app space better than most.
While we’re calling out bastard operators from hell, I’m fucking shocked that OpenUserJS is still around. I don’t think the guy who runs it has theory-of-mind. If he posted something, he assumes you saw it, at that moment.
Well, it’s fun that they mention F-Droid, because the maintainers are bullies who bully their contributors and generally act very unpleasant. They like to make new rules on the spot.
I abandoned using the project altogether, not someone I want to support.
What rules?
That apps published there can’t be wrappers around a web application.
Good rule, those should be web addresses, not apps. Or even better, native applications rather than web apps, but it does depend on the context.
Eh… why? More to the point, it’s not mentioned anywhere in their guidelines, it was made up on the spot by the fella doing the code review.
They are inefficient and bloated.
And personally, I prefer good reasoning over good rules. If something comes up that is a bad idea but there’s no existing rule against it, the rules should be changed to address it. As long as the reasoning is sound, I think it’s a good thing, especially when we’re talking about something like a software distribution platform as opposed to say laws that determine freedom or imprisonment.
Also if you’ve made a web app, let it be installed as a web app. Both FF and Chrome let you install web apps in one click.
Inefficient and bloated describes 90% of all apps I’ve ever seen, regardless of technology used, so I fail to see your point.
If you really want to have it available on F-Droid, you can always put it in a separate repository. So I can see it being annoying that they reject it from their repo, but there’s still a reasonable path forward.
Well, I have the app on Google Play store, which was originally meant to be the alternative, now it’s the main store.
What’s a wrapper in this context?
An app that’s just WebView?
Not WebView, but a so-called TWA, aka Trusted Web Activity, a features specifically designed to wrap PWAs and give them full-blown app capabilities.
What additional capabilities does that give the app beyond using Firefox or Chrome to install it as a PWA?
Seems to me like they’ve done a pretty good job keeping their store free of malicious apps, I’ve never heard of any breaches like I have of every other store including Snap and Flatpak.
Maybe they’re pissing some people off in the process, but maybe it’s the right people to piss off. They’ve been able to hold it together in the FOSS app space better than most.
While we’re calling out bastard operators from hell, I’m fucking shocked that OpenUserJS is still around. I don’t think the guy who runs it has theory-of-mind. If he posted something, he assumes you saw it, at that moment.