I have a question about the updates procedure, as I think I’ve misunderstood how it works.
I thought what happened for apps already on the store was that when developers update the app git, it’s run through some kind of checking procedure, then the update is sent out at the next opportunity. The recent issue* where a developer submitted multiple invalid updates to all of their apps wouldn’t make sense if it’s being checked either by automation or by a person, so this mustn’t be accurate.
This isn’t meant as a passive-aggressive criticism, to be clear! I’m very thankful for the time and effort that is put into curating F-Droid. There will always be edge cases, liability lies with the user, and - aside from the slight alarm of some creepypasta-looking app appearing in my apps list - there wasn’t any harm done. I would just like to understand the process a bit better!
Just making sure I have it right - once an app is accepted to the store, updates are accepted without further approval?
I don’t know how to word myself here without sounding very rude.
I really do believe it’s on the user if they, you know…mindlessly accept weird updates at 3am then immediately forget about it Nobody to blame but myself!
Depends on app, if they can have autoupdates, but those that do, yes.
Being open source does not fix all the other issues of trust in the developer, and that’s between you (the user) and them. F-Droid intermediates the APK packages, they’re checked for deps issues, trackers, etc but not for content, we’d need a team 10-50x as big to do that.
At >3700 apps, we get flack for having slow updates, now we gettin’ it for too fast?
You say here “multiple invalid updates”. However, as far as the android system is concerned, all these updates were valid. They contained the same package name and an increased version number.
I sadly don’t know any way to prevent this except for making us manually review each app update which we really don’t have enough team members for. The updates were valid as far as Android was concerned and there was no malware or non-free dependencies in the code, so I can’t think of any automatic scan that could’ve prevented this.
I can’t think of any other way I can communicate I was just asking a single question.
This entire thread, all I’ve done is add caveat after caveat, trying as hard as possible to make it clear that I’m not questioning F-Droid’s decisions or policies. I eventually got the answer, I marked the question as solved, and even asked if I should close the thread.
I repeated over and over that it isn’t a snide criticism or an attack.
I’ve repeated over and over that I think the liability is with the user.
My original post shows that I know that this was an edge case and that it didn’t cause any real harm.
I’m not questioning the decision. I’m not disagreeing with F-Droid’s processes. I’m not implying anything is wrong with them. I do not think it is wrong. I am concretely and genuinely in favour of the F-Droid approval processes because I trust the team to know what’s best for the project. I’m not demanding explanations. I’m highly aware that I don’t know the terminology or semantics or technical details or other general knowledge. I’m not offering suggestions. I’m not demanding implementations. I emphatically conveyed this was not a hostile or aggressive or argumentative question.
I. did. not. want. an. argument.
What else do you want me to say?
Have a good day and thank you both for your work on the F-Droid project.
I wasn’t trying to argue, I was just hoping someone would know a way we could’ve prevented this because I really don’t know of any myself and I would’ve loved this situation to be prevented. Sorry if I made you feel argued against.
Nobody to blame but myself!
