Why apps in "known repos" are not in "main" repo?

Is there a general list of reasons? Even better, a list for each known repo in the list? Could we add it (how difficult)?

Not all are fully open source.

Not all devs care about the main repo.

No one made a Request For Packaging for those apps.

1 Like

I would like to see, in f-droid client:

  1. reminder display for each app installed from non-main repo, showing which repo it came from.
  2. warnings list for “features you may not like” for apps from non-main repos, similar to borderline (?) apps from main repo (e.g. osmAnd).

Already available, press versions, press the arrow

That’s in the metadata, F-Droid the client, can only show what the repo owner put in that metadata…nothing more.

Already available, press versions, press the arrow

That’s buried too deep, IMO, but true, it’s there.

That’s in the metadata, F-Droid the client, can only show what the repo owner put in that metadata…nothing more.

The client could at least show a generic warning, because it’s pointing to a “foreign” repo. I’d like being reminded during app installs or updates and when looking at app descriptions.

It’s not “a foreign repo” to you, I don’t get the point. Who forced you to add the repo exactly?

“We don’t even allow you to install other applications from the repository that track you, unless you first enable ‘Tracking’ in the AntiFeatures section of preferences.” https://f-droid.org/en/about/

FYI, minor detail: I don’t see this exactly. I see App Compatibly section, with Include anti-features apps checkbox (but may be looking too shallow again).

The point is whether f-droid and the client are helping me be more safe, or helping me take more risk than I knew. As a user, it’s easy to add repos and add apps, and not know the “metadata” may be inaccurate. By “foreign” I simply meant non-main and there IS a way for the client to show more than just “what the repo owner put in that metadata.” The client COULD show a reminder, like “hey, dummy, this app from non-main repo X, hasn’t been checked by f-droid. Anti-features metadata list could be missing. Are you sure?!”

Does someone at f-droid check “metadata” for apps in main repo?

That would become annoying fast, oh wait…how about we add another toggle…that everyone disables and carry on as usual? Oh right…nothing changed :frowning:

Or the client could display a warning in non-main app descriptions, similar to how it now displays “metadata” for main repo apps.

Repeat, Does someone at f-droid check “metadata” for apps in main repo?

Check for what? Correctness of links yes, app buildable yes, virustotal report of the APK yes, source code and deps are FOSS yes.

What else do you mean?

Valid, correct, accurate:

warnings list for “features you may not like”

Yes, of course, apps submitted to the main repo, only.

You’d want us to roam the land and police random repos and random appids? Repeat it every month? Maybe they change the appId? LOL

police random repos and random appids

Just the known repos list would be great! But a generic warning, not buried in the sand would be OK, and achievable.

Great, do start doing this, and maybe we’ll talk about the posibility of integrating it.

Here’s a start on pseudo code.

If (same logic used to bury non-main Repo X display in versions list)
in app summary, add to display
“/!\ This app from repo X may have more features you may not like.”
in app more details,
add to display:
"Additional Anti-features:
May not be fully open source.
Devs may not care about the main repo.
Request For Packaging may not exist
This list may be incomplete and has not been reviewed by f-droid.

(Link to this thread, or other URL with more helpful explanation)"

Ummm, nope.

I meant start indexing the app IDs and extracting actual AntiFeatures, I feel that just adding a warning is rather useless, per my points above.

See, apps might actually be fully FOSS, no trackers, no analytics, no AntiFeatures what so ever…BUT…since no one submitted it to the main repo, will get, per your request, a nasty FUD filled, warning for no reason. :frowning:

Yeah. See. That’s clearly beyond capability, and is just an excuse to stay status quo.

My compromise solution uses your words above to better inform users of risks they may be taking, similar to current displays.

Not sure you’ve got the point, there is no status quo, there’s only a lack of resources…

Between https://gitlab.com/fdroid/fdroiddata/ & https://gitlab.com/fdroid/rfp there are at least 500 issues/MRs to tackle for the main repo, even before we think about other repos, let alone their (who knows how many) apps.

My request above is simple, if you wish to tackle it do it, just that a blanket FUD filled warning makes little sense to me.

Eg. This feels like we are back to Google Play store and their propaganda, where “apps installed outside Play are filled with malware/viruses/bad stuff”. How many of these internet articles do we need until we get the point that only big brother Google can handle an app store? Oh, how many millions of malware closed sourced apps did Google distribute? Many? We won’t talk about that…

One of the tenets of F-Droid is decentralization, adding such a warning will look sort of hypocritical, we say one thing yet we act in opposition.

1 Like

a blanket FUD filled warning makes little sense to me.

And yet, it was your first answer to my question. Was it FUD then, or does it become FUD if displayed in the client? I see it as a more prominent reminder of your position for non-main apps - caveat installer.

Where exactly did I say that in a non-joke way? Pffffffffft c’mon