Found this notification this morning on my Pixel 6.

      • sem@lemmy.blahaj.zone
        9 days ago

        The main difference is one of philosophy of trust. With F-Droid you trust F-Droid to build the binary from the developers’ source code. With Accrescent, you trust the developers to build the binary from the source code.

        • carrylex@lemmy.world
          9 days ago

          > With F-Droid you trust F-Droid to build the binary from the developers’ source code

          Not when using a self-hosted F-Droid Repo - which is the case for Ironfox.

          • sem@lemmy.blahaj.zone
            9 days ago

            In the Play Store you’re trusting Google and the developer.

            I’m not sure how Obtainium works. But if you download binaries from GitHub, you’re trusting the developer to accurately build their source code into the binary without adding anything. You’re also trusting GitHub implicitly – way back when, SourceForge was sometimes adding malware to downloads iirc.

            F-Droid is kind of cool in that they are saying, “we will ensure for you that the code you execute is the same as the open source code you can read”. But this added level of insurance comes with downsides – like sometimes it’s harder for the developer to make their code build properly, or maybe updates take longer.

            • MaggiWuerze@feddit.org
              9 days ago

              And here I’m trusting Accrescent to actually deliver me an executable that has not been tampered with.