194
Over 100,000 Infected Repos Found on GitHub
(apiiro.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Feb 2024
194 points (100.0% liked)
Open Source
31329 readers
276 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
Of course you can. The actual question is: do you trust the author(s) of the repositories you're pulling the APKs from? Including that they are keeping the repo secure from malicious influences? If the answer is "no", then you shouldn't add the repo, obviously. Every repository acts as an individual trust anchor. Unlike F-Droid or the play store, where the store itself acts as the trust anchor (or should, at least)
To be clear, I'm using obtainium for quite a few apps, but I'm rather rather careful which I add there and what apps I'm getting elsewhere.