Not clear if "contributor" is a person or an entity. The "hosting services" part make it sound more like a company rather than a natural person.
It has hosted quite a few famous services.
I doubt OSU is going to host F-Droid. It doesn't even sound like F-Droid would want them to host it.
It's a critical load-bearing component of FOSS on Android.
That said, I still think that hosting a server in a member's house is a terrible decision for a project.
True, which is why I said the important parts need to be held by the legal entity representing the organization. If one person tries to hold it hostage, it becomes a matter of demonstrating that person doesn’t legally have access any more.
I’ve also seen projects fall apart because they forgot to transfer some key element into the legal entity. A common one is the domain name, which might have been registered by one person and then just never transferred over. Nobody notices until that person has a falling out and starts holding the domain name hostage.
At least they know where it is. They can go knock on the door.
If they really want to run it out of a computer in their living room they should at least keep a couple servers on standby at different locations. Trusting a single person to manage the whole thing is fragile, but trusting a few people with boxes that are kept up to date seems pretty safe. What are the odds they'd all die together? Paying a colo or cloud provider is probably better if you care about more 9s of uptime, but do they really need it?
What is usually more critical is who has the credentials for the domain management.
Unless you have even the faintest idea about how F-Droid does it, please stop spreading FUD. All the article says is that it is not a normal contract but a special arrangement where one or a select few have physical access. It could be in a locked basement, it could be in a sealed off cage in a data center, it could be a private research area at a university. We don't know.
A special arrangement with an academic institution providing data center services wouldn't be at all surprising, that has been the case for many large open source projects since long before the term was invented, including Linux, Debian and GNU itself.
Many of these are run by professionals with high standards. The Debian project has done pioneering work with reproducible builds, for example, something the F-Droid project is also very much involved with. Those things are what creates trust in the project.
Yes, and that is exactly the problem. They didn't write "a large university/company/government institute which wishes to remains anonymous has graciously donated space in their ISOwhatever certified in-house hosting facility", they wrote "physically held by a long time contributor".
It is written as if it is just Some Guy's Mom's Basement, with a guarantee of Trust Me Bro. If it is indeed hosted in a professional environment, why don't they say so?
People are assuming the worst because it isn't their first rodeo, and they've seen it go wrong time and time again. If F-Droid wants to be taken seriously Just Trust Us isn't good enough - especially with their main selling point being "you can't trust Google"!
They would have said this if it were the case. Why would they make it sound so sketchy if it wasn't otherwise? There is no "FUD", you don't know better than anyone else would either, so you don't get to make that argument and then speculate yourself.
There is zero reason that server in the basement can't be a mirrored node to one or more vps'.
To extend your point, it's probably far better to have something cloud agnostic so it can flip between horribly compromised or attacked hosts.
Basement servers on Fibre, with a bit of knowledge and power backup can be just as reliable as most for one simple and over looked reason, they're reasonably obscure and don't fall under the attention large hosts receive. They absolutely have other issues to get rid of, which can be.
Self-hosting isn't about a "point of pride". Time reveals the value of self-sufficiency, not in every case to the absolute, but being able to.
Self-hosting at home is often similar skills to hosting a server in a datacenter, whether it's your own hardware co-located, rented server, or a managed server.
Or does it also serve the APKs?
Personally I would feel better about round robin across multiple maintainer-home-hosted machines.
I don’t know where you’re pricing coloration, but I could host a single server indefinitely from the interest alone on $400K at the (very nice) data centers I’ve used.
Collocation is not that expensive. I’m not understanding how you think $400K would disappear “fast” unless you think it’s thousands of dollars per month?
Modern computers are super efficient. A 9755 has 128 cores and you can get it for cheap. If you've been doing this for a while you'd have gotten the RAM for cheap too.
If I, a normie, can have terabytes of RAM and hundreds of cores in a colo, I'm pretty sure they can unless they have some specific requests.
And dude, I'm in the Bay Area. Think about that. I'm in one of the highest cost localities and I can do this. I bet there are Colorado or Washington DCs that are even cheaper.
In any event if I was the volunteer sysadmin that had to babysit the box, I would rather have it at my home with business fiber where I am on premises most of the time because getting in and out of a colo is always a whole thing if their security is worth a damn.
Even given a frugal and accessible setup like that I can imagine 400k lasting 5 years tops especially if paying for the volunteers business fiber and much more especially given I expect some of it is to provide a sustainable compensation to key team members as well. Every cent will count.
At that rate, that would buy you nearly 1000 years of hosting.
I really don’t know where the commenter above was getting the idea that $400K wouldn’t last very long
The jury's still out on whether or not this is a good thing.
So glad it grew into what it is now!
I Googled for that brand and got a few hits:
- https://inflect.com/building/1325-tracy-avenue-kansas-city/joes-datacenter/datacenter/joes-datacenter
- https://www.linkedin.com/company/joesdatacenter/
- https://www.facebook.com/joesdatacenter/
Another under appreciated point about that data center: It has excellent geographical location to cover North America.
Of course you have to buy the switches and servers…
IDK if they could bag this kind of grant every year, but isn't this the scale where cloud hosting starts to make sense?
Cloud hosting only makes sense at a very, very small scale, or absurdly large ones.
Basically anywhere with cage or cabinet colocation is going to have site access, because those delineations only make sense to restrict on-site human access.
A lot of these places are like fortresses
I can’t be the only one who read this and had flashbacks to projects that fell apart because one person had the physical server in their basement or a rack at their workplace and it became a sticking point when an argument arose.
I know self-hosting is held as a point of pride by many, but in my experience you’re still better off putting lower cost hardware in a cheap colo with the contract going to the business entity which has defined ownership and procedures. Sending it over to a single member to put somewhere puts a lot of control into that one person’s domain.
I hope for the best for this team and I’m leaning toward believing that this person really is trusted and capable, but I would strongly recommend against these arrangements in any form in general.
EDIT: F-Droid received a $400,000 grant from a single source this year ( https://f-droid.org/2025/02/05/f-droid-awarded-otf-grant.htm... ) so now I’m even more confused about how they decided to hand this server to a single team member to host in unspoken conditions instead of paying basic colocation expenses.