They have an amazing reputation on open source. I think you’re conflating reputation on open source with reputation because of their willingness to understand & criticize issues with some other open source products. The issues with F-Droid’s security model have long been known & discussed by other prominent developers. It is why Obtanium has become increasingly popular. Heck, it is even mentioned on Privacy Guides. Their criticism towards Firefox is to my knowledge more specific to the Android security model & the reality is that Chromium provides significantly better sandboxing there. That isn’t an attack on Firefox itself but design choices or lack or commitment to the fundamentals, which Mozilla has routinely engaged in with Pocket, reselling Mullvad while breaking their browser support for tab container VPN integration if a user has Mullvad installed, their recent AI push, etc. But again they are specifically evaluating & criticizing the security or technical decisions in such instances. Likewise, it is fair to hate on Manifestat v3 used in newer Chrome extensions because not all the v2 features were supported out of the box, but there is no question that the security model in Manifest v2 was significantly worse & would be very easy for a malicious developer to have intercepted & logged all the requests. Manifest v3 solves that & they have uBlock Origin Lite now. I hope to see further improvements in this area. But criticizing the decisions of an open source project, especially as it pertains to security, does not make them anti-open source.
They have an amazing reputation on open source. I think you’re conflating reputation on open source with reputation because of their willingness to understand & criticize issues with some other open source products. The issues with F-Droid’s security model have long been known & discussed by other prominent developers. It is why Obtanium has become increasingly popular. Heck, it is even mentioned on Privacy Guides. Their criticism towards Firefox is to my knowledge more specific to the Android security model & the reality is that Chromium provides significantly better sandboxing there. That isn’t an attack on Firefox itself but design choices or lack or commitment to the fundamentals, which Mozilla has routinely engaged in with Pocket, reselling Mullvad while breaking their browser support for tab container VPN integration if a user has Mullvad installed, their recent AI push, etc. But again they are specifically evaluating & criticizing the security or technical decisions in such instances. Likewise, it is fair to hate on Manifestat v3 used in newer Chrome extensions because not all the v2 features were supported out of the box, but there is no question that the security model in Manifest v2 was significantly worse & would be very easy for a malicious developer to have intercepted & logged all the requests. Manifest v3 solves that & they have uBlock Origin Lite now. I hope to see further improvements in this area. But criticizing the decisions of an open source project, especially as it pertains to security, does not make them anti-open source.