• ono@lemmy.ca
    link
    fedilink
    English
    arrow-up
    12
    ·
    10 months ago

    If new versions don’t make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I’ll spend time manually building/pulling/installing, and a Lemmy reader isn’t one of them. Thanks for the tip, though.

      • ono@lemmy.ca
        link
        fedilink
        English
        arrow-up
        17
        ·
        10 months ago

        Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.

        It’s still nice to know a tool like obtanium exists, though. Thanks for the link.

        • jacktherippah@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          10 months ago

          This is exactly the reason why I don’t like F-Droid as a way to get apps. You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind. I prefer to get it straight from the developer’s GitHub or Coderberg or whatever.

          • ono@lemmy.ca
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            10 months ago

            You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind.

            I know how it works, and in this case, that’s fine with me.

            F-Droid has an excellent track record; better than many developers have. And I’m not addicted to having the latest versions of everything on the day they’re released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.

            • FutileRecipe@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              10 months ago

              N + X - Y ? N

              Except now you’re adding an additional party to trust (the -Y). So it could still be considered less secure than N.

              • ono@lemmy.ca
                link
                fedilink
                English
                arrow-up
                3
                ·
                10 months ago

                So it could still be considered less secure than N.

                It could be, or it could not be. Depends on the particulars, and on the needs of the individual.

                Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.

                • FutileRecipe@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  10 months ago

                  Depends on the particulars, and on the needs of the individual.

                  That’s not really how things like security works. It’s either more secure or it’s not. The security of a thing does not depend on needs. Now, does the application of it or does someone need it to be more secure? That’s where risk acceptance and the needs of the individual come into play.

                  I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing.

                  Same. I’m not saying “stop doing this.” I’m just trying to educate people and make sure they’re not operating with a misunderstanding. Needs of the individual and all that. I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

                  • ono@lemmy.ca
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    10 months ago

                    Depends on the particulars, and on the needs of the individual.

                    That’s not really how things like security works.

                    If that were true, threat modeling wouldn’t exist. ;)

                    I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

                    I expect that’s probably true. It’s safe to assume I’m not one of them, though. Cheers.