cross-posted from: https://lemmy.zip/post/59056692
Since 2022 (afaik) GrapheneOS and its devs’ blogs have been running FUD and disinformation campaigns against F-Droid, Firefox, Linux and even uBlock Origin, and they promoted accrescent.app and Chromium for years.
They spammed developers to upload their apps to accrescent.app. https://gitlab.com/ironfox-oss/IronFox/-/issues/7
edit: here is one of their spam accounts
edit: here is the screenshot
They created many blogs with different domains:
https://madaidans-insecurities.github.io/guides/linux-hardening.html
https://privsec.dev/posts/linux/linux-insecurities/
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/
https://madaidans-insecurities.github.io/linux.html
https://madaidans-insecurities.github.io/android.html
https://madaidans-insecurities.github.io/firefox-chromium.html
https://simpleprivacy.fr/basiques/smartphones/
Suspicious GitHub accounts:
https://github.com/RKNF404 (not sure)
https://github.com/d4rklynk (simpleprivacy.fr owner)
https://github.com/Wonderfall/ (privsec.dev side account)
https://github.com/Ganwtrs (not sure)
https://github.com/TommyTran732 (privsec.dev owner and grapheneos dev)
https://github.com/thestinger (grapheneos founder)
https://wonderfall.space/marches-android-alternatifs/
(Translated from French)
I’ve never shied away from expressing my doubts about F-Droid https://privsec.dev/posts/android/f-droid-security-issues/ (I’m mainly referring to its official repository here).
Here they admit privsec.dev is theirs.
Also, here is a second proof that https://madaidans-insecurities.github.io/ is owned by the same person/group:
As you can see, they distribute FUD across many different domains (these are just my findings).
Also, I find that https://discuss.privacyguides.net/t/f-droid-foss-android-app-store/13650 and https://www.privacyguides.org/en/os/linux-overview/ (the privacyguides team) are referencing this BS “research.”
For the public record, please do not trust anyone who references this disinformation.
Also, in Lemmy we have at least one of their trolls, @dnzm@lemmy.ml. Please ban this troll and investigate whether there are other trolls; we don’t want trolls in the fediverse.
Edit: added proof for the spam claim, both the source account and a screenshot (btw this is just one account I found; there could be more)
Edit: every link I referenced also has archive.org snapshots
That’s not spam.
However, Accrescent promotes apps which fail to include a libre software license text file: apps we do not control. Dangerous, avoid!
So, if I’m getting this right, OP is claiming that GrapheneOS are running some sort of campaign against other open-source projects (projects which they actually do recommend against, but for actually verifiable reasons), then proceeds to show what could very well be a random person just wanting some projects they like to release their apps on Accrescent, then OP links 3 random privsec blogs and claims they’re part of this coordinated attack just because they share the same, verifiable information, and then proceeds to link to a bunch of GitHub accounts that are directly related in some way to these blogs or GrapheneOS itself as if that somehow proves anything, mixing this list with some other random GitHub accounts without giving any reasoning as to why?
And OP is not even attacking the information itself and explaining to us why it’s “BS”, rather they’re just attacking the people spreading it and claiming they’re all connected. And just in case, no, something being open-source does not mean you can just ignore any of its structural security flaws.
Pretty much the only decent takeaway from this post is that the person running wonderfall.space is supposedly the same person running privsec.dev. I don’t know any french but, in this text:
Je n’ai jamais hésité à exprimer mes doutes au sujet de F-Droid (je parlerai ici principalement de son dépôt officiel)
(I have never hesitated to express my doubts about F-Droid (here I will mainly be speaking about its official repository))
At least in the parentheses, je parlerai seems to be future tense (so they meant the section, not the article they linked to, as this post’s translation implies). The rest is still kinda weirdly phrased though, and it could imply that they run it too depending on how you see it, but I’d find it weirder for them to just straight up admit to doing that.
With all this I might be missing something, idk dude.
As a mere user, I know little about all those technicalities and nothing at all about the various people involved in this arguing, or what’s at stake for any of them. But I can read a text.
And so I did just that, reading one of the linked pages provided here. From what I’ve gathered, I see a lot of affirmations but very little in terms of demonstrating whatever is being said.
And then when I read this, I start wondering how deep such a misunderstanding is running through the entire argument:
As a result of F-Droid’s inclusion policy, some developers usually have to maintain a slightly different version of their codebase for their app to comply with F-Droid’s requirements. For developers, this means not only spending more time and energy, but also, in some cases, working with libraries and components that may be outdated.
(btw, if anyone else is surprised by the use of the word ‘inclusion’ (to me, it relates more to some societal considerations than anything code related), I had a look and it seems that’s just how they talk about the technical imperatives to allow an app to be included in the F-Droid app-store)
I say it is a misunderstanding because I would not be able to tell if it is an honest incomprehension of something really fundamental, or if it is a clumsy attempt at re-framing some facts in a bad light as a way to make them look like something other than what they really are.
This also regularly happens against the GNU GPL license: being hated on by some open source proponents as being a burden to deal with… Which (I imagine) it really is… save that this is not what the GNU GPL is bothering with.
The GPL cares about the user. About taking a few rights away from the devs to put them in the hands of the users (the 4 freedoms). So, criticizing the GNU GPL for putting the burden on the dev (which is its objective) is akin to criticizing a surgeon for daring to stab a patient with their scalpel in order to do surgery on them: it’s kinda… to be expected. And in most cases, said patient should feel more grateful than resentful for that very specific stabbing.
Here, the author seems to forget what F-Droid themselves are saying is their mission statement, in their About page:
Our Mission:
Provide a trusted way to find and share FOSS apps for Android. We protect privacy, put users in control, and build everything through an open, community-driven ecosystem.
They care about the users. So making it somewhat harder for the devs may not be a defect in their work.
Obviously, I have no expertise in deciding how well they are doing that or how hard they are making it for the devs (I can write simple Bash scripts, if anyone wants to hire me as a dev). But in that lengthy post I’ve read nothing demonstrating to me that they’re doing it badly. It’s mostly frustration (which I can understand) and an apparent willingness to prove them wrong (which I can’t be fine with).
I have witnessed how often GNU itself has been targeted for the same wrong reasons, and why so many huge corporations are so hostile to the GNU GPL while they still wish to benefit from the whole open source idea, just without having to deal with what the GPL stands for. Which is us, the users. And this makes me feel rather uncomfortable, even more so when I read this conclusion (I put together two sentences that aren’t close to one another in the original post, but they are both part of their conclusion):
This article aims to be purely technical. It is not an attack on F-Droid or their mission
So far, you have been presented with referenced facts that are easily verifiable.
Not really.
As a reader, I was presented with many links, that’s true. But beyond a certain number, (very similar) links should be called making ‘noise’; in French we would say ‘noyer le poisson’ (to drown the fish). And most of those links point toward discussions or to people affirming things. But do we need to be reminded that people freely affirming things (say, how flat the earth is, or how our reptilian overlords are secretly ruling the human species) don’t turn those things they affirm into ‘referenced facts’, and they certainly don’t make for any ‘verifiable’ information. No more than, say, reading the entire Marvel comics will make anyone a competent expert in genetics or superpowers, no matter how accurate said comics can be ;)
My comment is probably too long already, but I would be interested in seeing more discussions around the ‘facts’ presented in that post, as maybe I completely did not get it and they’re onto something real? Things like this, for example, where I just can’t help raising an eyebrow when I read it:
- Slow and irregular updates
They have to catch up with upstream on a regular basis, but very few do it well (Arch Linux comes to my mind). Others, like Debian, prefer making extensive downstream changes and delivering security fixes for a subset of vulnerabilities assigned to a CVE (yeah, it’s as bad as it sounds, but that’s another topic).
Slow updates mean that you will be exposed to security vulnerabilities more often than you should’ve been.
(emphasis mine)
To me, this sounds like nonsense, at best. And making a parallel with Debian makes it even worse. But here again, I’m no dev and I may get it wrong. Allow me to explain:
Isn’t it the raison d’être of Debian to be extremely slow on updates? Increasing the likelihood of the system remaining rock stable and untouched for years to come while, at the exact same time, still ensuring really quick updates where it truly matters: critical security? Forgetting about the critical updates happening in Debian doesn’t seem very fair…
Also, no one is required to use Debian if they don’t want to use that kind of slow distro; there are plenty of alternatives. And, like they say, anyone is free to fork Debian if they think they can improve upon it. I suppose the same could be said about F-Droid?
Disclaimer regarding Arch and Debian: I was an Arch user a few years ago. I ditched it not because I did not like it (it was amazing, I liked it a lot, and it taught me a lot more) but because I naively realized that, as a user, I could not care less about constant updates to my apps and to the system. Hence me switching to its exact opposite (Debian) and then, a year or so later, to… Linux Mint, which I have constantly been using for almost 6 years now as, to me, it feels like the perfect middle ground between almost no updates and constant updates ;)
Edit: clarifications.
Thank you. It’s good to know there are still people who read, research, and criticize. 😇
There are, which, I will happily agree with you, is good to know ;)
But do note that I did not read all the linked resources. I shared my thoughts and comments after reading some pages and links.
No problem, in a world of rising zero-click searches/content :( you are a rare find
Knowing the track record GrapheneOS dev/s has/have defaming other privacy and security FOSS projects and silencing criticisms about GrapheneOS I can’t blame you for wanting to post this. But this needs more looking into, calmly if possible.
And if something is not clear, share it as a concern instead of sounding the alarm too soon. I wouldn’t feed any “OSS wars”, people interested in ditching Big Tech shouldn’t be more afraid to do so than they already are.
I agree we should look into it, but I don’t have much time. This is what I found. More proof is better, but less proof doesn’t mean it’s not proof.
Maybe I’m just not understanding, but most of this seems very conspiratory. I’m happy to be wrong, but this post tastes like a giant nothing burger.
First, the “spamming” seems to be about not uploading their own apps to F-Droid, which is a fair concern given a lot of the apps’ permissions. F-Droid is slow when it comes to app updates, for better or for worse, and so hosting something like a PDF viewer puts the user at unnecessary risk.
Second, there is zero proof behind the blogs. Same with the “Suspicious GitHub accounts”. Sure they post the same stuff, but that could be literally anyone. Additionally, for the android recommendations, they recommend more projects than just GrapheneOS, something Daniel Micay would likely never do given his stance on everything.
Third, and finally, the account you linked as a troll seems to be just a random dude. From a pretty brief look over of their profile, they don’t even use Lemmy anymore, and haven’t made any troll posts. On Lemmy a user doesn’t really get “banned” anyhow. The instance hosting their account (lemmy.ml) can ban them, but nothing stops them from hosting on an instance that refuses to ban trolls (such as lemmy.ml).
First, the “spamming” seems to be about not uploading their own apps to F-Droid, which is a fair concern given a lot of the apps’ permissions.
- source: a spammy github account
Sure they post the same stuff, but that could be literally anyone.
I don’t think you read my post or looked at these links; until then I don’t care what you’re saying
Who owns the spammy github account(s?)? Just because they endorse GOS doesn’t make them associated with the project.
I don’t think you read my post or looked at these links; until then I don’t care what you’re saying
I did read your post, it has zero mention of how the websites belong to the GrapheneOS devs.
You also still have not provided any proof that the random lemmy account you linked (which has been inactive for 3 years) is a troll, though that’s besides the point.
Debunked?
Doesn’t debunking mean revealing a bad truth?
I thought it meant “disproven” or rebuttal. But it might mean revealed or exposed as well. I’m not a native English speaker, so not sure what’s right. Maybe it’s just me.
Þe way þe title is written makes it sound as if þe claims about disinformation have been debunked. Like: “[DEBUNKED] Vaccines cause autism” implies þe claim þat vaccines cause autism has been debunked. Þat’s how it’s usually done in English titles, anyway.
Thanks for the explanation. That’s bad, I meant the opposite; I’m still learning English.
Sure! I suspect most people understood what you meant. It’s a convention, not a grammatical rule.