> this article has unfortunately triggered a mostly negative response from the F-Droid team and some of their community, who seem to take a dismissive stance toward this article rather than bringing relevant counterpoints.
To be fair, their most salient technical critique was the low target API level, which is a deliberate choice made to exclude fewer users from the store. Everything else listed here comes down to the "Trusting Trust" problem that has plagued every free computing platform. F-Droid isn't capable of auditing every app any more than Apple or Google is; holding them to impossible standards isn't constructive.
My counterpoint would be asking what a true solution looks like. The only scenario I can imagine with a "perfect" threat model is one where software repositories don't exist at all, which isn't something anyone wants.