this post was submitted on 11 Mar 2025
1152 points (95.0% liked)

Technology

76383 readers
1560 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Found this notification this morning on my pixel 6.

you are viewing a single comment's thread
view the rest of the comments
[–] sem@lemmy.blahaj.zone 3 points 7 months ago (2 children)

The main difference is of philosophy of trust. With F-droid you trust F-droid to build the binary from the developers' source code. With Accrescent, you trust the developers to build the binary from the source code.

[–] carrylex@lemmy.world 3 points 7 months ago (2 children)

With F-droid you trust F-droid to build the binary from the developers' source code

Not when using a self-hosted F-Droid Repo - which is the case for Ironfox.

[–] sem@lemmy.blahaj.zone 3 points 7 months ago

Yeah that's like any 3rd party repository

I wish more projects hosted their own F-droid repo and kept it up to date. FUTO has one for their stuff (Grayjay, FUTO Keyboard, etc), but it's frequently outdated, whereas Bitwarden and a few others I use do a good job.

Maybe Accrescent is what I'm looking for. I just want a store that:

  • automatically updates when devs push a release
  • checks signatures
  • has a good selection of FOSS apps

I basically want fdroid, but faster updates.

[–] MaggiWuerze@feddit.org 3 points 7 months ago (1 children)

So Accrescent is more like the classic play store or Obtainium?

[–] sem@lemmy.blahaj.zone 3 points 7 months ago* (last edited 7 months ago) (1 children)

In the play store you're trusting Google and the developer.

I'm not sure how obtainium works. But if you download binaries from GitHub, you're trusting the developer to accurately build their source code into the binary without adding anything. You're also trusting GitHub implicitly -- way back when, source forge was sometimes adding malware to downloads iirc.

F-droid is kind of cool in that they are saying, "we will ensure for you that the code you execute is the same as the open source code you can read". But this added level of insurance comes with downsides -- like sometimes it's harder for the developer to make their code build properly, or maybe updates take longer.

[–] MaggiWuerze@feddit.org 1 points 7 months ago (1 children)

And here I'm trusting Accrescent to actually deliver me an executable that has not been tampered with

[–] sem@lemmy.blahaj.zone 1 points 7 months ago* (last edited 7 months ago)

Yes you are trusting them, and the developer. Just like you are trusting F-droid if you download from them. You also have to trust that the compiler program doesn't do anything fishy. It's trust all the way down.

The good news is that lots of people are working on making the systems trustworthy, and you as a consumer can learn to distinguish between what can be trusted for your usecase and what can't.