Comment by skiing_crawling

1 day ago

A "single server" covers a pretty large range of scale; it's more about how F-droid is used and perceived. Package repos are infrastructure, and reliability is important. A server behind someone's TV is much more susceptible to power outages, network issues, accidents, and tampering. Again, I don't know that's the case since they didn't really say anything specific.

> not hosted in just any data center where commodity hardware is managed by some unknown staff

I took this to mean it's not in a colo facility either; I assumed it meant someone's home, AKA residential power and internet.

The F-Droid repos are provided by redundant mirrors: https://f-droid.org/en/docs/Running_a_Mirror/

If this is the hidden master server that only the mirrors talk to, then its redundancy is largely irrelevant. Yes, if it's down, new packages can't be uploaded, but that doesn't affect downloads at all. We also know nothing about the backup setup they have.

A lot depends on the threat model they're operating under. If state-level actors and supply chain attacks are the primary threats, they may be better off having their system under the control of a few trusted contributors versus a large corporation that they have little to no influence over.

  • Even if it's just the build server, it's really hard to defend just having 1 physical server for a project that aspires to be a core part of the software distribution infrastructure for thousands of users.

    The build server going down means that no one's app can be updated, even for critical security updates.

    For something that important, they should aspire to 99.999% ("five nines of") reliability. With a single physical server, achieving five nines over a long period of time usually means that you were both lucky (no hardware failures other than redundant storage) and probably irresponsible (applied kernel updates infrequently - even if only on the hypervisor level).

    Now... 2 servers in 2 different basements? That could achieve five nines ;)

Ah. I took "not just any data center" to mean "in a specific co-location facility where they trust the person responsible for it".

I agree that "behind someone's TV" would be a terrible idea.