this post was submitted on 11 Mar 2025
950 points (95.6% liked)

Technology

66067 readers
4930 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
950
Android is now warning of Firefox sharing data (lemmy.world)
submitted 21 hours ago by hr_@lemmy.world to c/technology@lemmy.world
193 comments fedilink hide all child comments
 

Found this notification this morning on my pixel 6.

you are viewing a single comment's thread
view the rest of the comments
[–] MaggiWuerze@feddit.org 1 points 10 hours ago (1 children)

Never heard of that, what's the benefit over F-Droid?

[–] sem@lemmy.blahaj.zone 2 points 8 hours ago (2 children)

The main difference is of philosophy of trust. With F-droid you trust F-droid to build the binary from the developers' source code. With Accrescent, you trust the developers to build the binary from the source code.

[–] MaggiWuerze@feddit.org 3 points 7 hours ago (1 children)

So Accrescent is more like the classic play store or Obtainium?

[–] sem@lemmy.blahaj.zone 2 points 6 hours ago* (last edited 6 hours ago) (1 children)

In the play store you're trusting Google and the developer.

I'm not sure how obtainium works. But if you download binaries from GitHub, you're trusting the developer to accurately build their source code into the binary without adding anything. You're also trusting GitHub implicitly -- way back when, source forge was sometimes adding malware to downloads iirc.

F-droid is kind of cool in that they are saying, "we will ensure for you that the code you execute is the same as the open source code you can read". But this added level of insurance comes with downsides -- like sometimes it's harder for the developer to make their code build properly, or maybe updates take longer.

[–] MaggiWuerze@feddit.org 1 points 6 hours ago (1 children)

And here I'm trusting Accrescent to actually deliver me an executable that has not been tampered with

[–] sem@lemmy.blahaj.zone 1 points 6 hours ago* (last edited 6 hours ago)

Yes you are trusting them, and the developer. Just like you are trusting F-droid if you download from them. You also have to trust that the compiler program doesn't do anything fishy. It's trust all the way down.

The good news is that lots of people are working on making the systems trustworthy, and you as a consumer can learn to distinguish between what can be trusted for your usecase and what can't.

[–] carrylex@lemmy.world 1 points 1 hour ago (1 children)

With F-droid you trust F-droid to build the binary from the developers' source code

Not when using a self-hosted F-Droid Repo - which is the case for Ironfox.

[–] sem@lemmy.blahaj.zone 1 points 1 hour ago

Yeah that's like any 3rd party repository