this post was submitted on 22 Jun 2026
-3 points (44.4% liked)

Free and Open Source Software

22567 readers
17 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
Gaywallet@beehaw.org
alyaza@beehaw.org
-3
Komi Store: Android app store to install and update apps hosted on GitHub, Codeberg & Forgejo (github.com)
submitted 1 day ago* (last edited 1 day ago) by Deep@mander.xyz to c/foss@beehaw.org
27 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] solrize@lemmy.ml 8 points 1 day ago (1 children)

What's wrong with F-droid?

[–] artyom@piefed.social 2 points 1 day ago (1 children)

Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.

[–] solrize@lemmy.ml 2 points 1 day ago (2 children)

I don't see the point then. I can install direct from GitHub if I want that. I don't want a random intermediary that's another possible attack vector.

[–] hellmo_luciferrari@lemmy.zip 2 points 1 day ago

While I understand that less is more mentality here; but Obtainium doesn't just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.

[–] artyom@piefed.social 1 points 1 day ago* (last edited 1 day ago) (1 children)

One could say the same about the FDroid app.

[–] TehPers@beehaw.org 2 points 1 day ago (1 children)

FDroid's official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it's not the default flow. To use a recent example, it's like comparing the Arch official repos to AUR.

Not that there isn't value in a tool that can download apps for you from GitHub, but it's not really fair to compare that to F-Droid. You're generally safer on F-Droid's official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.

[–] artyom@piefed.social 0 points 1 day ago (1 children)

It's completely fair to compare on the qualities which were specified.

[–] TehPers@beehaw.org 1 points 21 hours ago (1 children)

The qualities that were specified were security. Do you plan to actually explain how both FDroid and random GitHub downloads are equally insecure?

[–] artyom@piefed.social 0 points 21 hours ago* (last edited 21 hours ago) (1 children)

The qualities that were specified was the ability to install the apps through the browser without the "attack vector" of an app installer.

[–] TehPers@beehaw.org 1 points 21 hours ago (1 children)

In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.

[–] artyom@piefed.social 1 points 21 hours ago (1 children)

So you agree that they're comparable?

[–] TehPers@beehaw.org 1 points 21 hours ago (1 children)

If you have tunnel vision, then sure. In fact, it's just as comparable as downloading from realappmirror.ru where you have the same number of intermediaries.

[–] artyom@piefed.social 1 points 21 hours ago (1 children)

I don't have "tunnel vision" and I don't know what that thing is. Perhaps you'd like to continue trying to explain how they're different?

[–] TehPers@beehaw.org 1 points 20 hours ago (1 children)

I already did.

If you have nothing of value to add, then I'm done discussing this.

[–] artyom@piefed.social 0 points 20 hours ago

I have nothing to add because I've already addressed this. Now it's your turn. If you're not going to answer my question, then feel free to stop replying to me.