It’ seems a kind of trust colision. RikkaApps do not trust fdroid and fdroid do not trust RikkaApps.
I fully support this thinking! I think it’s Important to have a solution that acknowledge this and find a way to work that way. In my opinion this thinking should be the base on as many as possible OpenSource apps.
Trust is good control is better.
I’m not sure If I see it right but may the problem could be solved if RikkaApps and fdroid could create a Reproducible build.
If the content of the source code does not have to be modified by fdroid. Then a Reproducible Build should be possible?
If so, and fdroid could verify that the File from GitHub and the file from fdroid is identical. It should not be a problem.
Yet it passes itself off as Apache-2 licensed in the actual LICENSE file, and hence GitHub claims it is Apache-2 licensed. I would consider this fraudulent on the part of Shizuku’s developer(s).
I don’t know if IzzyOnDroid detects the license from GitHub or if it has to be manually configured, but either way, if IzzyOnDroid is distributing fake FOSS then it raises a serious question as to the credibility of IzzyOnDroid. Izzy is in that github thread suggesting this as a “compromise” so he must surely be aware that Shizuku is not really Apache-2 licensed.
Sure, but that’s what I expect from that repo: software that is mostly free except for some blobs, or for whatever reason doesn’t meet F-Droid’s standards - Firefox, for example. Even though Firefox contains non-free bits, I still have the four freedoms with the main codebase and can remove said non-free bits to get a liberated Firefox.
Shizuku isn’t free software that depends on a non-free library, Shizuku itself is non-free. If you removed all the non-free bits from Shizuku you have nothing left.
To be clear, I’m not necessarily objecting to Izzy providing Shizuku in his repo; he has the prerogative to do so. I just think it shouldn’t be classified as Apache-2 licensed when it is actually under a non-free license (to be fair, I’m pretty sure his tooling is just grabbing that license metadata from GitHub - I’m not accusing him directly of anything nefarious). It should be noted, however, that as non-free software it currently doesn’t meet his own inclusion standards either.