Comment by basilgohar

1 day ago

I think all the criticism of what F-Droid is doing here (or perceived as doing) reflects more on the ones criticising than the ones being criticised.

How many things went upside down and all the "right" things were done (corporate governance, cloud native deployment, automation, etc.)? The truth is none of these processes are actually going to make things more secure, and many projects went belly up despite following these kinds of recommendations.

That being said, I am grateful to F-Droid for fighting the good fight. They are providing an invaluable service and I, for one, am even more grateful that they are doing it as uncompromisingly as possible (well into discomfort) according to their principles.

Not to mention this is a build server; its uptime isn't actually all that critical, assuming they then mirror the artifacts out from there.

Not to mention it also simplifies the security of controlling signing keys significantly.