GrapheneOS F-Droid's repository metadata is poorly designed and the security is poor.
Thanks, I didn't know about this.
unless the Accrescent client was also compromised to remove app signing key pinning
No, the OS package manager is what implements the baseline pinning and downgrade protection.
Sorry for my ambiguous message. I was referring to the fact that the Accrescent client verifies an app's signature even before the first install, compared to baseline pinning from the Android OS, which only verifies an app's signature during app updates. If I understand this correctly, this prevents a scenario where a compromised Accrescent server could deliver malicious apps to people who are installing them for the first time with the Accrescent client. A malicious actor would therefore need to compromise the Accrescent client as well. Again, please correct me if I'm wrong; I am not at all an expert in this topic.
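The first-install versus update distinction discussed in this thread, as an added Python model that is not code from Accrescent, GrapheneOS or Android; the package name, certificates and version codes are constructed placeholders, and the repo metadata is assumed to be authentic:

```python
import hashlib

# Constructed sample certificates (placeholders, not real keys).
TRUSTED_CERT = b"constructed developer signing certificate"
ATTACKER_CERT = b"constructed attacker signing certificate"

def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate, as a repo would pin it."""
    return hashlib.sha256(cert).hexdigest()

# Repo metadata the client fetched earlier (assumed authentic): package -> pin.
REPO_PINS = {"org.example.app": fingerprint(TRUSTED_CERT)}

def os_baseline_check(installed, pkg, cert, version_code):
    """OS-style check: a first install is accepted as-is; an update must keep
    the same signing key and must not lower the version code."""
    if pkg not in installed:
        return True
    pinned_fp, installed_vc = installed[pkg]
    return fingerprint(cert) == pinned_fp and version_code >= installed_vc

def client_pin_check(pkg, cert):
    """Client-side check: key must match the repo pin, first install included."""
    return REPO_PINS.get(pkg) == fingerprint(cert)

def install(installed, pkg, cert, version_code, client_pins=True):
    """Apply the client pin (if enabled) and the OS baseline; record on success."""
    if client_pins and not client_pin_check(pkg, cert):
        return False
    if not os_baseline_check(installed, pkg, cert, version_code):
        return False
    installed[pkg] = (fingerprint(cert), version_code)
    return True

def first_install_from_bad_server(client_pins):
    """A compromised server serves a first install signed with the wrong key."""
    return install({}, "org.example.app", ATTACKER_CERT, 1, client_pins)

def update_with_swapped_key():
    """A key swap on update is caught by the OS baseline alone."""
    installed = {}
    install(installed, "org.example.app", TRUSTED_CERT, 1)
    return install(installed, "org.example.app", ATTACKER_CERT, 2)

def downgrade_on_update():
    """A version rollback on update is caught by the OS baseline alone."""
    installed = {}
    install(installed, "org.example.app", TRUSTED_CERT, 5)
    return install(installed, "org.example.app", TRUSTED_CERT, 4)
```

Only the first-install case differs between the two policies: the OS baseline has nothing to compare against yet, while the client pin rejects the wrong key immediately.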
By the way, thanks a lot for making GrapheneOS and staying in touch with the community. I learnt a lot from the beautiful GrapheneOS documentation and from your posts on the forum!