Another important part of this story is where the server lives and how it is managed. F-Droid is not hosted in just any data center where commodity hardware is managed by some unknown staff. We worked out a special arrangement so that this server is physically held by a long-time contributor with a proven track record of securely hosting services.
yet doesn’t mention who this person is. No transparency.
We work to be as transparent as possible. Running a high-profile server means you have a target on you. The most common way to break into a server is to attack the people who have access to it. So we have to strike a balance here. We have volunteer systems administrators; they are all free to say what they run. The F-Droid contributors have decided that the systems administrators need to be known to the contributors and the board, but it is not feasible that they are required to be public about it. You will see that other FOSS projects have made more or less the same decision. Look at Fedora, Mastodon, Matrix, etc. Debian is a bit more open about it; the 10 members of the Systems Administration Team are listed publicly.