We're definitely interested in being a curator, and in fact we already are one (the plan is, with time, to allow other relays and curators). We'll see how everything plays out; for sure there will be tons of developers that will not sign their apps, and curators will have to in their place. I don't really like F-Droid's model for non-reproducible builds; I'd rather pull the dev build with their own certificate and stamp a Nostr signature on it. Step by step 😄
Discussion
For me it depends on the app. I don't love the centralisation and their sometimes obnoxious behaviour, but I prefer my chances of being rugged by F-Droid's build process than any one of 6 app developers' build process.
Sure, it depends. For critical apps (i.e. money) I would only use apps sourced from devs (better if it has reproducible attestation).
It will be interesting to see how it all plays out.
I'd definitely value a dev attesting that they reviewed all the code added to Sparrow Wallet in a release and Craig Raw isn't obviously rugging everyone. I'd want to zap that.
Sure. But besides reproducible builds it's impossible to know if the build is not manipulating the source code. So you've got to trust the dev and the build environment.