Be aware that this is a closed source app, and since Lemmy doesn’t currently have proper OAuth, it could potentially be storing your login creds. Be very wary of any Lemmy app that isn’t open source.
That said, this dev is a legend and has been around for over a decade. His Reddit app was monetized directly through buying a pro version of the app.
I’m a big fan of trustless computing, which requires apps to be open source, or at the very least, source available.
Trust and security just don’t mix in my eyes, since supply chain attacks are much easier when using a trusted platform vs a trustless platform, where it’s still possible to perform a supply chain attack, but since there are more eyes on it, it is much harder.
If it ever gets sold to a big corporation I’ll feel the same way but as it stands it’s been developed by one guy who has gained my trust over a decade.
I understand there are inherent risks in that and I approach it on a case by case basis.
A trustworthy person doesn’t require you to trust them; they don’t keep secrets from you, and are an open book. Beware anyone asking you to “just trust them”, which is what the authors of all closed source software demand of you.
I see your point but unfortunately I don’t think his Patreon can cover costs as well as a “premium” version of his app will. You know more about open source than me (obviously) so what would stop someone from taking his code and making a free app with the premium features? Are you against his entire business model, the nature of the code, or both equally?
For the record I am glad to see many good open source apps like Jerboa.
There’s nothing preventing him selling the app or a premium version, while still open sourcing it. Free as in freedom, not as in beer. Open source makes no demands or says anything about how you choose to monetize.
Someone releasing a fork nowadays seems even more difficult than downloading an unlocked APK anyway. If they want your app for free, they’ll get it.
Your last point really does seal it actually. If people want it you can’t prevent them from finding a way. But in this specific case I’ll still support it since I’m sympathetic to how he was betrayed by a corporation.
Yeah, and also I left Reddit not to use other proprietary software.
An Open Source app that you don’t compile yourself after reviewing the source code has the exact same risks.
There is no guarantee that the version of Jerboa you install from the Play Store corresponds to the source code you see on GitHub.
It’s also on F-Droid, which does their own builds, and you could also compare the build with one you do on your own machine. So no, you don’t have to trust me.
Is Lemmy planning on implementing proper OAuth down the road?
There are some ideas for it, and a PR which puts some of them out there, but not anytime soon.
This is kind of where I’m at. Using Jerboa (thanks for that, btw) rn, and probably going to switch over to LemmInfinity once that’s more stable.