Why are some apps still in the Main repo though they are tagged as “KnownVuln”, have been reported as discontinued, etc?

Hello! :smiley:

Something is not clear to me about the criteria for an app being moved into the Archive repo. For example :

  • DivestOS apps have been reported on fdroiddata as no longer maintained 6 months ago, their respective repos are read-only, and none of the 7 reported apps has been moved to the Archive repo.
  • Simple Contacts Pro SE has also been reported as discontinued, the issue has been “closed with merge request”, and the corresponding merge request has been merged, but the app is still available in the Main repo.
  • Document Viewer has been tagged as KnownVuln several years ago, and yet is also still available in the Main repository.

I’m surprised because I read the following in the 2024-09-19 TWIF:

Why were all these apps archived? Because even if working, their source code is in stasis, in a frozen state.

Why does this matter since we can still see it? We can see it, yet no one maintains it. If somebody finds a bug in the code they can’t report it at all since the issue tracker is also locked, let alone release a fixed version.

So are things like an app being discontinued a good reason to report it on fdroiddata? Why are some apps tagged as KnownVuln moved to Archive while some others are kept in Main?

Thanks! :sparkles:

2 Likes
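To make the question above concrete, here is a small audit script, added as an illustration and not part of this thread or of F-Droid's own tooling. It takes two index documents, one for the Main repo and one for the Archive repo, and lists which apps flagged KnownVuln are still served only from Main, which appear in both, and which have been moved to Archive. The index shape (a top-level `apps` list with `packageName`, `name` and an `antiFeatures` list, as in F-Droid's index-v1.json) is an assumption of this example, and the two index fragments, package names and flags below are constructed for the demonstration.

```python
import json

# Constructed Main-repo index fragment (assumed index-v1 layout; made-up apps).
MAIN_INDEX = json.dumps({
    "repo": {"name": "Example Main"},
    "apps": [
        {"packageName": "org.example.viewer", "name": "Example Viewer",
         "antiFeatures": ["KnownVuln"]},
        {"packageName": "org.example.notes", "name": "Example Notes",
         "antiFeatures": []},
        {"packageName": "org.example.oldsync", "name": "Example Sync",
         "antiFeatures": ["KnownVuln", "NonFreeNet"]},
    ],
})

# Constructed Archive-repo index fragment. An app can legitimately appear in
# both repos, because Archive keeps the older versions of a still-listed app.
ARCHIVE_INDEX = json.dumps({
    "repo": {"name": "Example Archive"},
    "apps": [
        {"packageName": "org.example.oldsync", "name": "Example Sync",
         "antiFeatures": ["KnownVuln", "NonFreeNet"]},
        {"packageName": "org.example.legacy", "name": "Example Legacy",
         "antiFeatures": ["KnownVuln"]},
    ],
})


def load_apps(index_json):
    """Map packageName -> app entry for every app in an index document."""
    data = json.loads(index_json)
    return {app["packageName"]: app for app in data.get("apps", [])}


def flagged(apps, flag="KnownVuln"):
    """Return the set of package names carrying the given anti-feature flag."""
    return {pkg for pkg, app in apps.items() if flag in app.get("antiFeatures", [])}


def audit(main_json, archive_json, flag="KnownVuln"):
    """Classify flagged apps by where they are currently served from.

    only_in_main:  flagged and served only from Main (the case the thread asks about)
    in_both:       flagged and present in Main and Archive (old versions archived,
                   but the app itself is still listed)
    archived_only: flagged and already moved entirely to Archive
    """
    main = load_apps(main_json)
    archive = load_apps(archive_json)
    main_flagged = flagged(main, flag)
    archive_flagged = flagged(archive, flag)
    return {
        "only_in_main": sorted(main_flagged - set(archive)),
        "in_both": sorted(main_flagged & set(archive)),
        "archived_only": sorted(archive_flagged - set(main)),
    }


def report(result):
    """Render the audit result as readable lines."""
    lines = []
    for bucket, pkgs in result.items():
        lines.append(f"{bucket}: {', '.join(pkgs) if pkgs else '(none)'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit(MAIN_INDEX, ARCHIVE_INDEX)))
```

Against a real installation the two JSON strings would be replaced by the downloaded Main and Archive index files; the bucket `only_in_main` is then exactly the list of KnownVuln apps that have not been archived, which is what the first post is asking about.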

Are they all broken?

Read FAQ · Wiki · F-Droid / wiki · GitLab

Open a MR

Simple mobile tools were sold by its dev, worthy mention I think. Go to Fossify.
Simple apps should definitely be removed.

Why? Only the older untainted versions are still listed on F-Droid.

1 Like
  1. Does it mean that apps with the KnownVuln flag are always supposed to be moved into the Archive repo, and that the ones still in the Main repo have just presumably been forgotten?
  2. Do you mean that discontinued apps (including apps from a read-only Codeberg/GitLab/GitHub/etc. project, like DivestOS apps) stay in the Main repo until someone reports a bug or a security flaw? If that’s the case, it’s surprising and contradicts what is written in this 10-month-old TWIF:

That’s why I’m wondering.

1 Like

guess that one was forgotten :person_shrugging:

archived in: sufficientlysecure.viewer - archive (a593fe31) · Commits · F-Droid / Data · GitLab

Open MRs to archive them if you feel like it; we have plenty of apps that cover their use case.

1 Like

Because they are old and unmaintained.

ePUBator - Offline PDF to ePUB converter.
[This app contains a known security vulnerability.]

What security vulnerability? Why is it not described so the user can decide if it is acceptable or not?

For example, an internet-based vulnerability may be irrelevant if the user intends to sideload the app onto an offline device, but without a description of the supposed vulnerability how is one to know?

The Client explains the reason, please use it.

I do not install appstore clients, especially ones like the current F-Droid client that has so many unnecessary and intrusive permissions that it is tantamount to installing a back door trojan.

You are joking right? What permissions?

so you’re OK with installing apps COMPILED by f-droid.org but not with using the F-Droid app to update them?
you realize they could back door all of the non-reproducible apps if they wanted to in your contrived case?

3 Likes

Sure, but that would likely not go unnoticed by the app developers, and why would they need to do that when they already have duped everyone into installing an appstore client with permissions to change system settings, use the device camera to take pictures and video, and access all the files in the user’s shared storage, all of which is totally unnecessary for downloading and installing apps? Anyone concerned about the privacy and security of their device should NOT install such appstores as this F-Droid trash.
The truth is, an appstore client only needs to use its own private storage to download apps and then install them; it does not need to access shared storage at all. And if anyone has not been paying attention, the focus for surveillance and spying has shifted from hacking or installing viruses to compromising our devices with back doors disguised as features, and this F-Droid appstore BS only started when the original founder of F-Droid retired.

To enable Bluetooth for Swap, if you allow it

To scan the repo QR code, if you allow it

To share files via Swap, if you allow it

…they can read the source code, instead of spreading FUD

This one? There are more?

Lol, Basic has even fewer permissions since it does not have Swap, go figure, as if those permissions were needed…for that feature, try it: F-Droid Basic | F-Droid - Free and Open Source Android App Repository

1 Like

Seems that you forgot to type some text?

Also, since you are so intimate with Android development, as Google prescribes permissions and feature usage, can you advise how to still be able to use the functions without the need for the permissions?

E.g. how to scan a QR code without camera access, how to find devices near us without enabling Bluetooth or starting Wi-Fi, etc.

1 Like

Scanning a QR code is a common way to add a third-party repository.

3 Likes

Hey @raven9 looks like you are not enjoying being part of this community.

As there’s nothing constructive being added, this can be closed.

Anyone can see the source code

Anyone can build the client reproducibly to verify

2 Likes