This is why the marketing around flatpak bothers me. It’s touted as some kind of “universal Linux package manager” but Linux is just a kernel - all the stuff that apps depend on comes with the distro. So, in order for flatpaks to be “distro independent” they basically have to supply all the stuff that normally comes from the distro - effectively building a second distro on top of your existing one.

Nix and Guix are the same but at least I think they’re more up front that they are effectively distros that can run on top of your existing distro or as a standalone operating system directly on top of Linux.

FUTO changing the definition of open source to suit their business model is like that time US Congress decided that pizza was a vegetable because it has tomato sauce.

FUTO’s EULA may superficially resemble a true free software license (and may be good enough for you, personally) but it fundamentally undermines core tenets of the free software movement in order to preserve their business interests. All pseudo-FOSS licenses (whether of the “ethical” or the “business” variety) do this, because they prioritize the interests of the rightsholder above those of the community and the user. If important free software projects like Linux and Firefox were released under this license the free software world as we know it would not be possible.

As proprietary licenses go, it’s certainly far from the worst.

Free software is a matter of liberty, not price. It is perfectly legal and ethical to sell free software. Keep in mind if you’re using third party code (whether it’s libraries or external contributions to your application) you must abide by the terms of whatever license it is under, this is whether it’s paid or gratis.

It’s even perfectly legal to fork an existing free software project and sell it on the play store, although whether that is ethical or not is up for debate - depending on what efforts you put into your fork before selling it, an orthodox Stallmanist might have no problem with it but the original developer(s) of that code may perceive this as “theft.” Keep in mind you must abide by the terms of whatever license the project is under, so if it is a copyleft license like the GNU GPL you must either provide corresponding source code or an offer for such.

Assuming they own the copyright (which I believe they do, since they were able to relicense it to begin with) they can absolutely offer it under a dual licensing arrangement even if the licenses are incompatible. It would only be an issue if other peoples’ AGPLv3 licensed code was in there, but as it is not the only copyright they would theoretically be violating is their own, which is literally not possible.

Dual licensing under a free software license and proprietary EULA is a common business model, especially when the free software license is a strong copyleft like the AGPL, since the proprietary licensors do not have to abide by certain conditions that free license users have to.

When one asks if something is free software (a.k.a. FOSS) the concern isn’t so much trust but rather can one view, modify, and share the program. Sandboxes solve a different problem.

In the case of a javascript bundle, in order for a user to exercise the Four Freedoms they must at minimum be provided with corresponding source code for each component in the bundle, and preferably some way in the browser for the user to inspect and modify it. In other words, it must be treated like any other compiled binary program. A lock file with specific versions probably isn’t necessary (and server configuration and source code definitely isn’t).

You are right in that this would require cooperation from the service provider to provide this metadata, and most definitely would not do this. Therefore, such an extension as OP suggests would have the effect of blocking the vast majority of javascript on the web today. LibreJS tries to some extent but I don’t know how well it can handle bundled javascript files.

No opinion on OSMand but Magic Earth is proprietary which is a deal breaker for me.

Aseprite is proprietary, but so is this. There is LibreSprite though.

I feel like there’s a lot of FUD around this subject, because people bring it up as if it’s purely a negative without talking about the reasons why it’s done the way it is. The whole point of F-Droid is that it’s a repository (not a store) of free software applications. They have an inclusion policy forbidding proprietary code and dependencies, and in order to enforce this policy they have to build from publicly available source code, and in order to do so they need to sign the builds themselves. This means, yes, you are trusting F-Droid instead of the upstream developer - but given F-Droid has higher standards than upstream developers this is a tradeoff I am willing to make.

Reproducible builds solves this in a way that preserves the standards of F-Droid, however, “security peoples’” favored “alternatives” (such as Accrescent, Obtainium, and Google Play Store/Aurora Store) forego this entirely, showing they don’t either have a viable solution to offer or that they don’t really care about the problem that F-Droid is addressing to begin with.

Same reason anyone would use a dedicated provider-independent client instead of a proprietary web application locked into a single provider: less vendor lock-in, more local control, and so on.

To be clear, it used to be fully free software, then became proprietary for a little while, and then as of 17 June 2024 it became free again. So the most recent release 11.15.0 (from two days ago) is fully free, but the previous one isn’t.

“Privacy centric” is irrelevant because because this is the free software movement, not the privacy movement (also, this is not reddit, we have a higher standard of conduct here).

Further reading on free software philosophy. Most relevant is why software should not have owners (1994) as this is fundamentally where FUTO disagrees with the open source/free software movement.

I also made a prior comment here about the fundamental difference between “fauxpen source” licenses like FUTO’s and real FOSS licenses. You seem to characterize it as “stealing code and profiting off it” but the strength of free software is in collaboration and community, not so much competition, so sharing is considered a virtue here. I talked more about it here in a reddit comment referencing my previous lemmy comment.

This will probably be my last comment on FUTO/Grayjay in this thread, since I’ve said all I intend to say several times here and on reddit. I might make a master post about the problems of fauxpen source at some point.

I don’t have any opinion on grayjay but this is the open source community and grayjay is proprietary. That’s the only reason I downvoted your comment

Feel free to use it if it works for you but I think it’s poor form to advertise proprietary products in a thread about a free software project.

My guess (and it’s only a guess, I haven’t looked at the source code) is that the scraping is being done on a server end that they can update without having to push an app update.

edit: my guess was wrong, I found where the source code is and they do the parsing locally - however it’s a plugin that I assume gets loaded in on app start so they can still update it without having to publish a new apk. this is the fix

interestingly although Grayjay itself is proprietary this plugin is Affero GPL licensed.

AFAIK FUTO/Rossmann, to their credit, stopped trying to openwash themselves. They created their own phrase “source-first” to describe their proprietary EULA.

That doesn’t change the fact that it’s proprietary and not worth promoting here.

I will continue to maintain that it is bitterly ironic for a product which is 95% based on free software to be so hostile to software freedom. They feel so entitled to take but don’t want to give back, and they justify it by saying that that others will do the same thing they did if they do make it fully free.

A proprietary browser is a non-starter for me, especially when there are many free alternatives, even Chromium based ones. I’d take Ungoogled-Chromium on desktop or Cromite on mobile, heck I’d take Brave even.

I don’t have any suggestions. I can’t think of any proprietary app good enough that I’d give up control of my computing for. However, consider objective requirements rather than subjective terms like good. What do you use the proprietary app for, why are existing free alternatives not sufficient, and can a free app be made that satisfies those requirements?

I’m also not too happy with this framing of the free software movement. The goal of the software freedom movement is to empower users with the freedom to use, modify, and share the software; that free software projects end up being alternatives to proprietary software products (“paid” is irrelevant) is more or less a consequence of people scratching their own itch. Maybe the fact that GNU and Linux started out as attempts to clone the proprietary Unix operating system furthered this view.

I don’t think it’s helpful to look at free software projects as being “alternatives” to popular proprietary software, because this means that even the best free software will forever be in the shadow of its proprietary counterparts. For example, if you have a proprietary program X and a free program Y that does 70% of what X does, you’ll be inclined to judge Y unfavorably - but if that 70% covers what you need from program X, then program Y is an acceptable replacement for you.

This app is actually free (as in freedom) and not merely gratis.

https://github.com/bitwarden/authenticator-android

F-Droid has high inclusion standards (not high enough IMO but apparently too high for many Android developers). If a project isn’t in F-Droid and has no interest in being in F-Droid I consider it a red flag, but it’s crucial to find out if an issue has been opened and what the project’s response on that issue is. Sometimes it’s just because the developer(s) haven’t gotten around to it yet, but other times it’s because there’s a proprietary component that can’t be easily removed.

For example on this app (2fas) the reason it’s not on F-Droid is apparently because it uses Google cloud messaging (FCM) and there’s no interest in developing a version without. https://github.com/twofas/2fas-android/issues/14

Unfortunately with the security FUD against F-Droid peddled in part by PrivacyGuides and other organizations (which Obtainium and its fanbase happily help spread) there is decreasing interest even in using, let alone developing for, this repository.