I’ve come to realize that a lot of foss android apps are pretty outdated and usually abandoned. Is that even safe to use? Like even the fdroid archive repository, are those safe to use? I’m still rather new to the foss world, but in my mind it seems a very outdated app is probably not safe or am I missing something here?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    These are code health smells. Looking for the activity in a repository the number of contributors, the frequency of updates, these are all let you get a feeling for how well cared for a project is. Sometimes that doesn’t matter, but it is definitely something you should factor in.

    • inasaba@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      For any app that isn’t network-facing and that works with protocols that haven’t been changed in a long time, there is no point worrying over how “active” the development is on an app. If nothing has been broken, then nothing needs fixing. My music player has had all the features it needs for a decade, and continues to work to this day. Why change a good thing?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        For those kind of apps I’d love to see like a heartbeat commit. Everything’s fine. 2020 nothing to change. All’s working well. Just code smell

      • borzthewolf@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Gotcha. But what’s stopping cyber criminals from seeing these abandoned repos and possibly taking over and implement malware or what not

        • inasaba@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Have you ever used Github? People can’t just push code to the main repo.

          And all submissions to F-Droid are checked for this kind of thing.

          • borzthewolf@lemmy.worldOP
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            I mean yes I use github for reference and sometimes downloading but I don’t actually know a whole lot about it like push and pull requests and what not, as I haven’t found a need to learn it yet. So what you’re saying is to basically download apps from github instead of fdroid to ensure you get the latest?

    • borzthewolf@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      So just because fdroid says an app hasn’t been updated since 2020, that doesn’t necessarily mean its not being maintend or is abandoned?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Its a strong indicator it isn’t being maintained, and it is abandoned. But its not a guarantee, some code is very mature, but its the exception rather then the rule