Is there a general list of reasons? Even better, a list for each known repo in the list? Could we add it (how difficult)?
Not all are fully open source.
Not all devs care about the main repo.
No one made a Request For Packaging for those apps.
1 Like
I would like to see, in f-droid client:
- reminder display for each app installed from non-main repo, showing which repo it came from.
- warnings list for âfeatures you may not likeâ for apps from non-main repos, similar to borderline (?) apps from main repo (e.g. osmAnd).
Already available, press versions, press the arrow
Thatâs in the metadata, F-Droid the client, can only show what the repo owner put in that metadataâŚnothing more.
Already available, press versions, press the arrow
Thatâs buried too deep, IMO, but true, itâs there.
Thatâs in the metadata, F-Droid the client, can only show what the repo owner put in that metadataâŚnothing more.
The client could at least show a generic warning, because itâs pointing to a âforeignâ repo. Iâd like being reminded during app installs or updates and when looking at app descriptions.
Itâs not âa foreign repoâ to you, I donât get the point. Who forced you to add the repo exactly?
âWe donât even allow you to install other applications from the repository that track you, unless you first enable âTrackingâ in the AntiFeatures section of preferences.â About | F-Droid - Free and Open Source Android App Repository
FYI, minor detail: I donât see this exactly. I see App Compatibly section, with Include anti-features apps checkbox (but may be looking too shallow again).
The point is whether f-droid and the client are helping me be more safe, or helping me take more risk than I knew. As a user, itâs easy to add repos and add apps, and not know the âmetadataâ may be inaccurate. By âforeignâ I simply meant non-main and there IS a way for the client to show more than just âwhat the repo owner put in that metadata.â The client COULD show a reminder, like âhey, dummy, this app from non-main repo X, hasnât been checked by f-droid. Anti-features metadata list could be missing. Are you sure?!â
Does someone at f-droid check âmetadataâ for apps in main repo?
That would become annoying fast, oh waitâŚhow about we add another toggleâŚthat everyone disables and carry on as usual? Oh rightâŚnothing changed 
Or the client could display a warning in non-main app descriptions, similar to how it now displays âmetadataâ for main repo apps.
Repeat, Does someone at f-droid check âmetadataâ for apps in main repo?
Check for what? Correctness of links yes, app buildable yes, virustotal report of the APK yes, source code and deps are FOSS yes.
What else do you mean?
Valid, correct, accurate:
warnings list for âfeatures you may not likeâ
Yes, of course, apps submitted to the main repo, only.
Youâd want us to roam the land and police random repos and random appids? Repeat it every month? Maybe they change the appId? LOL
police random repos and random appids
Just the known repos list would be great! But a generic warning, not buried in the sand would be OK, and achievable.
Great, do start doing this, and maybe weâll talk about the posibility of integrating it.
Hereâs a start on pseudo code.
If (same logic used to bury non-main Repo X display in versions list)
Then
in app summary, add to display
â/!\ This app from repo X may have more features you may not like.â
in app more details,
add to display:
"Additional Anti-features:
May not be fully open source.
Devs may not care about the main repo.
Request For Packaging may not exist
This list may be incomplete and has not been reviewed by f-droid.
(Link to this thread, or other URL with more helpful explanation)"
Ummm, nope.
I meant start indexing the app IDs and extracting actual AntiFeatures, I feel that just adding a warning is rather useless, per my points above.
See, apps might actually be fully FOSS, no trackers, no analytics, no AntiFeatures what so everâŚBUTâŚsince no one submitted it to the main repo, will get, per your request, a nasty FUD filled, warning for no reason.
Yeah. See. Thatâs clearly beyond capability, and is just an excuse to stay status quo.
My compromise solution uses your words above to better inform users of risks they may be taking, similar to current displays.
Not sure youâve got the point, there is no status quo, thereâs only a lack of resourcesâŚ
Between F-Droid / Data ¡ GitLab & F-Droid / Requests For Packaging ¡ GitLab there are at least 500 issues/MRs to tackle for the main repo, even before we think about other repos, let alone their (who knows how many) apps.
My request above is simple, if you wish to tackle it do it, just that a blanket FUD filled warning makes little sense to me.
Eg. This feels like we are back to Google Play store and their propaganda, where âapps installed outside Play are filled with malware/viruses/bad stuffâ. How many of these internet articles do we need until we get the point that only big brother Google can handle an app store? Oh, how many millions of malware closed sourced apps did Google distribute? Many? We wonât talk about thatâŚ
One of the tenets of F-Droid is decentralization, adding such a warning will look sort of hypocritical, we say one thing yet we act in opposition.
1 Like
a blanket FUD filled warning makes little sense to me.
And yet, it was your first answer to my question. Was it FUD then, or does it become FUD if displayed in the client? I see it as a more prominent reminder of your position for non-main apps - caveat installer.
Where exactly did I say that in a non-joke way? Pffffffffft câmon