> where are the better software pipelines not controlled by corporations
You're joking, right? Any tool that allows you to configure your own trust roots qualifies: `apt install`, `flatpak install`, etc. Even most laptop SecureBoot implementations qualify at this point!
This isn't a dichotomy - of course Apple should police the apps they serve as a root for. The issue is having a monolithic pipeline that doesn't distinguish the vendor root from the tool itself. The F-Droid app store is a good example of one approach to addressing this problem on a mobile device.
You're joking, right? Any tool that allows you to configure your own trust roots qualifies: `apt install`, `flatpak install`, etc. Even most laptop SecureBoot implementations qualify at this point!
This isn't a dichotomy - of course Apple should police the apps they serve as a root for. The issue is having a monolithic pipeline that doesn't distinguish the vendor root from the tool itself. The F-Droid app store is a good example of one approach to addressing this problem on a mobile device.