"Proprietary" is a vague term, and admittedly its application to anything FOSS is dubious, but in this particular case I was applying it to the process surrounding building & listing on F-Droid, so it would include both software (non-proprietary) and also human processes (seemingly proprietary? maybe?).
My use of the term in this context was merely to emphasise the non-idiomatic nature of it.
> AFAIK, they are just doing what every major Linux distro does - they rebuild all software they ship from source on trusted build infra.
There are reasonable arguments for doing this for a Linux distro where interoperability with the OS & general configuration scaffolding is key. For example, having a specific packaging format is made much easier by having build infra to build that package. F-Droid uses Google's packaging format. The apps run on a Google-managed OS, and interact with Google APIs & config. There's nothing F-Droid is adding here in the runtime context.
> Much harder to slip in malware unnoticed
Highly debatable; particularly given the outdated nature of their build infra.
> makes sure the source is publicly available
It does but you don't need a custom build pipeline to ensure this.
> and has the correct license
You definitely don't need custom build to ascertain this.
> as well as that it can actually be built outside of developer's laptop
This is a reasonable argument, but the hurdle still seems high for minimal benefit.
> F-Droid uses Google's packaging format. The apps run on a Google-managed OS, and interact with Google APIs & config.
I think you are wrong here:
1. APK is the Android (AOSP) package format. While Android is primarily developed behind closed doors at Google, the OS itself contains no Google dependencies.
2. F-Droid runs fine on Google-free devices. I think it is safe to say that it exists to provide a complete App Store for Google(-Play) free devices.
You're defining "Google" more narrowly to mean "Google Play and Google services" (understandable as this is common shorthand), whereas I just meant Google the company. AOSP is a Google product and APK is maintained by Google.
Either way it's irrelevant whether any of it is or isn't technically "Google", my only point was that F-Droid do not make AOSP/Android. That's true regardless of your definitions.