[oez]

I now use Obtanium[1] for my open source android apps, it grabs apks straight from the source (github, gitlab etc.). Once you get each app set up its a breeze and you don't have to deal with fdroids strangeness.

[1] https://github.com/ImranR98/Obtainium

[onli]

Obtanium is cool and useful for some apps, but it's a strictly worse option than f-droid . With it, when a developers goes rogue or a git repository gets overtaken there is no security measure anymore that could catch that. Also, the measures f-droid takes to ensure the software is free can be welcomed - the article nitpicks one case where it went wrong, but ignores completely that one could prefer free software in general. If one does, f-droid is the best choice available.

[beeflet]

this is cool, I use f-droid, but there are a few external sites I still need to fetch APKs from every once and a while. Does this still check the signatures?

[flutas]

App signature is enforced by the system, so yeah.

Doesn't check MD5/SHA1 signatures afaik though if that's what you meant.