• DessalinesA
    link
    fedilink
    arrow-up
    33
    arrow-down
    6
    ·
    edit-2
    1 year ago

    Be aware that this is a closed source app, and since lemmy doesn’t currently have proper oauth, that it could potentially be storing your login creds. Be very wary of any lemmy app that isn’t open source.

    • figaro@lemdro.id
      link
      fedilink
      arrow-up
      23
      arrow-down
      2
      ·
      edit-2
      1 year ago

      That said, this dev is a legend and has been around for over a decade. His reddit app was monetized directly through buying a pro version of the app.

      • Refurbished Refurbisher@lemmy.sdf.org
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        I’m a big fan of trustless computing, which requires apps to be open source, or at the very least, source available.

        Trust and security just don’t mix in my eyes, since supply chain attacks are much easier when using a trusted platform vs a trustless platform, where it’s still possible to perform a supply chain attack, but since there are more eyes on it, it is much harder.

        • can@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          edit-2
          1 year ago

          If it ever gets sold to a big corporation I’ll feel the same way but as it stands it’s been developed by one guy who has gained my trust over a decade.

          I understand there are inherent risks in that and I approach it on a case by case basis.

          • DessalinesA
            link
            fedilink
            arrow-up
            8
            arrow-down
            1
            ·
            1 year ago

            A trustworthy person doesn’t require you to trust them; they don’t keep secrets from you, and are an open book. Beware anyone asking you to “just trust them”, which is what the authors of all closed source software demand of you.

            • can@sh.itjust.works
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              1 year ago

              I see your point but unfortunately I don’t think his patreon can cover costs as well as a “premium” version of his app will. You know more about open source than me (obviously) so what would stop someone from taking his code and making a free app with the premium features? Are you against his entire business model, the nature of the code, or both equally?

              For the record I am glad to see many good open source apps like Jerboa.

              • DessalinesA
                link
                fedilink
                arrow-up
                5
                ·
                1 year ago

                There’s nothing preventing him selling the app or a premium version, while still open sourcing it. Free as in freedom, not as in beer. Open source makes no demands or says anything about how you choose to monetize.

                Someone releasing a fork nowadays seems even more difficult than downloading an unlocked apk anyway. If they want your app for free, they’ll get it.

                • can@sh.itjust.works
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  1 year ago

                  Your last point really does seal it actually. If people want it you can’t prevent them from finding a way. But in this specific case I’ll still support it since I’m sympathetic to how he was betrayed by a corporation.

    • erwan
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      An Open Source app that you don’t compile yourself after reviewing the source code has the exact same risks.

      There is no guarantee that the version of Jerboa you install from the Play Store corresponds to the source code you see on GitHub.

      • DessalinesA
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        It’s also on f-droid, which does their own builds, and you could also compare the build with one you do on your own machine. So no, you don’t have to trust me.

      • DessalinesA
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        There are some ideas for it, and a PR which puts some of them out there, but not anytime soon.