this post was submitted on 14 Jan 2024
Newpipe
Correct me if this is wrong, but from my understanding switching to their repo means no longer being behind F-Droid's source code match guarantee, or seeing anti-features and all that stuff. Granted, I already gave that up for Bitwarden so I admit it's a bit hypocritical, but much of the value of a centralized F-Droid is the main repo's curation process - circumventing it is a workaround, not a solution.
Edit: I also worry about the possibility - however remote - of downloading new apps thinking they're from the F-Droid repository, when they are in fact from some alternate repository I'm using. I already worry about this with Bitwarden, and each repo I add is another potential vector for this. Perhaps I'm overthinking this, but I'm thinking if too many popular apps make their own F-Droid repos, this might become a real threat.
@NeatNit
The other problem is trusting a centralized service implicitly. That's how people keep getting their login information exposed from Fakebook.
gotta trust someone at some point
@NeatNit
Yeah, why not make it the people it comes from?
In the general case: because placing all your trust in one place leaves no one else to check their work. You have to place some trust in the app developer (this is always true) but having a middleman can have benefits. For example, if an app starts using proprietary blobs - either deliberately or without realising - then F-Droid's pipeline and/or maintainers would likely catch it and have it resolved. If there's no one else to check such nitty-gritty details, that leaves more room for error.
In the specific case of Newpipe: it's probably fine, but I'd prefer not to make a habit of it.
@NeatNit
Another benefit to having the official repo is that you can toggle it off if Newpipe ever goes down the same path as, say, Simple Mobile Tools (sells to an adtech company).
This is just another benefit of a centralised repo: I can't keep track of all the news about all the companies whose apps I use. A strong community of repo maintainers will do a much better job of blocking updates or removing apps entirely when they go rogue than each user fending for themselves could ever do.