Why apps in "known repos" are not in "main" repo?

Already available, press versions, press the arrow

That’s buried too deep, IMO, but true, it’s there.

That’s in the metadata, F-Droid the client, can only show what the repo owner put in that metadata…nothing more.

The client could at least show a generic warning, because it’s pointing to a “foreign” repo. I’d like being reminded during app installs or updates and when looking at app descriptions.

It’s not “a foreign repo” to you, I don’t get the point. Who forced you to add the repo exactly?

“We don’t even allow you to install other applications from the repository that track you, unless you first enable ‘Tracking’ in the AntiFeatures section of preferences.” About | F-Droid - Free and Open Source Android App Repository

FYI, minor detail: I don’t see this exactly. I see App Compatibly section, with Include anti-features apps checkbox (but may be looking too shallow again).

The point is whether f-droid and the client are helping me be more safe, or helping me take more risk than I knew. As a user, it’s easy to add repos and add apps, and not know the “metadata” may be inaccurate. By “foreign” I simply meant non-main and there IS a way for the client to show more than just “what the repo owner put in that metadata.” The client COULD show a reminder, like “hey, dummy, this app from non-main repo X, hasn’t been checked by f-droid. Anti-features metadata list could be missing. Are you sure?!”

Does someone at f-droid check “metadata” for apps in main repo?

That would become annoying fast, oh wait…how about we add another toggle…that everyone disables and carry on as usual? Oh right…nothing changed :frowning:

Or the client could display a warning in non-main app descriptions, similar to how it now displays “metadata” for main repo apps.

Repeat, Does someone at f-droid check “metadata” for apps in main repo?

Check for what? Correctness of links yes, app buildable yes, virustotal report of the APK yes, source code and deps are FOSS yes.

What else do you mean?

Valid, correct, accurate:

warnings list for “features you may not like”

Yes, of course, apps submitted to the main repo, only.

You’d want us to roam the land and police random repos and random appids? Repeat it every month? Maybe they change the appId? LOL

police random repos and random appids

Just the known repos list would be great! But a generic warning, not buried in the sand would be OK, and achievable.

Great, do start doing this, and maybe we’ll talk about the posibility of integrating it.

Here’s a start on pseudo code.

If (same logic used to bury non-main Repo X display in versions list)
Then
in app summary, add to display
“/!\ This app from repo X may have more features you may not like.”
in app more details,
add to display:
"Additional Anti-features:
May not be fully open source.
Devs may not care about the main repo.
Request For Packaging may not exist
This list may be incomplete and has not been reviewed by f-droid.

(Link to this thread, or other URL with more helpful explanation)"

Ummm, nope.

I meant start indexing the app IDs and extracting actual AntiFeatures, I feel that just adding a warning is rather useless, per my points above.

See, apps might actually be fully FOSS, no trackers, no analytics, no AntiFeatures what so ever…BUT…since no one submitted it to the main repo, will get, per your request, a nasty FUD filled, warning for no reason. :frowning:

Yeah. See. That’s clearly beyond capability, and is just an excuse to stay status quo.

My compromise solution uses your words above to better inform users of risks they may be taking, similar to current displays.

Not sure you’ve got the point, there is no status quo, there’s only a lack of resources…

Between F-Droid / Data · GitLab & F-Droid / Requests For Packaging · GitLab there are at least 500 issues/MRs to tackle for the main repo, even before we think about other repos, let alone their (who knows how many) apps.

My request above is simple, if you wish to tackle it do it, just that a blanket FUD filled warning makes little sense to me.

Eg. This feels like we are back to Google Play store and their propaganda, where “apps installed outside Play are filled with malware/viruses/bad stuff”. How many of these internet articles do we need until we get the point that only big brother Google can handle an app store? Oh, how many millions of malware closed sourced apps did Google distribute? Many? We won’t talk about that…

One of the tenets of F-Droid is decentralization, adding such a warning will look sort of hypocritical, we say one thing yet we act in opposition.

1 Like

a blanket FUD filled warning makes little sense to me.

And yet, it was your first answer to my question. Was it FUD then, or does it become FUD if displayed in the client? I see it as a more prominent reminder of your position for non-main apps - caveat installer.

Where exactly did I say that in a non-joke way? Pffffffffft c’mon

Not all are fully open source.

Not all devs care about the main repo.

No one made a Request For Packaging for those apps.

I think the best solution for making it easier to find and add repos is improving the add repo workflow in “Manage Repos”. There are some issues about that in the fdroidclient tracker. Managing lists of URLs is much better handled by other tools, like wikis, etc. A list built into the client would just be harder to manage and often out of date.

1 Like

The repo that I run hosts Signal, whose developers are needlessly hostile to F-Droid:

We can include Signal in F-Droid - #13 by fd-fan
https://github.com/LibreSignal/LibreSignal/issues/37
How to get Signal APKs outside of the Google Play Store - #20 by moxie0 - Android Feature Requests - Signal Community

And uGet, which has not submitted itself to F-Droid. (I also believe it has non-Free components in its default build, but a libre build is possible if I’m reading the gradle files correctly.)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.