We have defined a secure and usable architecture for decentralized package repositories that any mobile user can use and understand possible risks.

The next official release of the official F-Droid client will widely deploy this to our users. We then plan to make a final architecture document, so others can understand the whole model.

We would love any kind of feedback, our drafts are here: https://gitlab.com/fdroid/wiki/-/wikis/Repository-Management-Overhaul#architecture-and-ux-considerations