In the play store you’re trusting Google and the developer.
I’m not sure how obtainium works. But if you download binaries from GitHub, you’re trusting the developer to accurately build their source code into the binary without adding anything. You’re also trusting GitHub implicitly – way back when, source forge was sometimes adding malware to downloads iirc.
F-droid is kind of cool in that they are saying, “we will ensure for you that the code you execute is the same as the open source code you can read”. But this added level of insurance comes with downsides – like sometimes it’s harder for the developer to make their code build properly, or maybe updates take longer.
So Accrescent is more like the classic play store or Obtainium?
In the play store you’re trusting Google and the developer.
I’m not sure how obtainium works. But if you download binaries from GitHub, you’re trusting the developer to accurately build their source code into the binary without adding anything. You’re also trusting GitHub implicitly – way back when, source forge was sometimes adding malware to downloads iirc.
F-droid is kind of cool in that they are saying, “we will ensure for you that the code you execute is the same as the open source code you can read”. But this added level of insurance comes with downsides – like sometimes it’s harder for the developer to make their code build properly, or maybe updates take longer.
And here I’m trusting Accrescent to actually deliver me an executable that has not been tampered with