> I don't want to trust random people on a forum to provide a build of an OS without including malware
Why is it some communities still work like this? With Android dev, sometimes there's even some source on GitHub, but still a forum post is the main place to find the latest version, with the actual download from some questionable-looking download site. If you're lucky they include sha hashes at least.
I've installed a handful of custom ROMs on 3 or 4 devices - most recently resurrecting my old TF101 to run modern Firefox - but I don't think I've ever seen anything like an automated build for one of these. Really, many don't even post source code.
Is there anyone doing this type of Android dev in a "modern" best practices way like most other open source (public git, CI, maybe issue tracker and pull requests)? Why doesn't this catch on more?
Becauses the cost of doing a CI of Android is astronomical.
(Especially for students)
For my own ROM [1] I spent days and a hundred of euros optimizing the cost of building by trying various cloud providers (fwiw my current best spot is scaleway GP instance with 600GB local SSD). As of today, I'm still at 6€ per builds (For standard ROM devs, that should be cut down to 2€ I'd say). There is simply no way I can afford a CI. (well if someone wants to give me money for that, please do!)
I do my best to isolate components and have at least some kind of CI where I can, but that's hard work (And doing CI is my day job, and I consider myself rather good in it)
Even android's own CI is very far from what you'd call a modern CI. They basically just build master once every hour and pray for the best, and let the build cop fix that. They do have a mechanism where they try to build CLs in batches, but "try" is the keyword.
Sure you can, for 20+€/mo if you want your builds take less than a day. That's still astronomical for the enthusiasts compared to struggling to build on their own PCs.
Because the people doing it are mostly teenagers and hobbyists who do it for free because they think it's fun. They're not professional developers, so they don't follow professional dev best practices.
Why is it some communities still work like this? With Android dev, sometimes there's even some source on GitHub, but still a forum post is the main place to find the latest version, with the actual download from some questionable-looking download site. If you're lucky they include sha hashes at least.
I've installed a handful of custom ROMs on 3 or 4 devices - most recently resurrecting my old TF101 to run modern Firefox - but I don't think I've ever seen anything like an automated build for one of these. Really, many don't even post source code.
Is there anyone doing this type of Android dev in a "modern" best practices way like most other open source (public git, CI, maybe issue tracker and pull requests)? Why doesn't this catch on more?